CVE-2014-3560

Priority
High
Description
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x
before 4.1.11 allows remote attackers to execute arbitrary code via
unspecified vectors that modify heap memory, involving a sizeof operation
on an incorrect variable in the unstrcpy macro in string_wrappers.h.
References
Assigned-to
mdeslaur
Package
Upstream:released (4.0.21)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
Package
Source: samba (LP Ubuntu Debian)
Upstream:released (4.0.21)
Ubuntu 17.10 (Artful Aardvark):released (2:4.1.8+dfsg-1ubuntu3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (2:3.6.3-2ubuntu2.11)
Ubuntu 14.04 LTS (Trusty Tahr):released (2:4.1.6+dfsg-1ubuntu2.14.04.3)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (2:4.1.8+dfsg-1ubuntu3)
Ubuntu 17.04 (Zesty Zapus):released (2:4.1.8+dfsg-1ubuntu3)
Patches:
Upstream:http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch
More Information

Updated: 2017-08-11 23:52:08 UTC (commit 13081)