CVE-2014-3560

Priority
High
Description
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x
before 4.1.11 allows remote attackers to execute arbitrary code via
unspecified vectors that modify heap memory, involving a sizeof operation
on an incorrect variable in the unstrcpy macro in string_wrappers.h.
References
Assigned-to
mdeslaur
Package
Upstream:released (4.0.21)
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 15.04 (Vivid Vervet):DNE
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 15.10 (Wily Werewolf):DNE
Ubuntu 16.04 (Xenial Xerus):DNE
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.0.21)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2:3.6.3-2ubuntu2.11)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:4.1.6+dfsg-1ubuntu2.14.04.3)
Ubuntu 15.04 (Vivid Vervet):released (2:4.1.8+dfsg-1ubuntu3)
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 15.10 (Wily Werewolf):released (2:4.1.8+dfsg-1ubuntu3)
Ubuntu 16.04 (Xenial Xerus):released (2:4.1.8+dfsg-1ubuntu3)
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
More Information

Valid XHTML 1.0 Strict

Updated: 2016-01-26 17:18:33 UTC (commit 10507)