CVE-2014-3560
Published: 1 August 2014
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.
Priority
Status
Package | Release | Status |
---|---|---|
samba Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(2:3.4.7~dfsg-1ubuntu3.15)
|
precise |
Not vulnerable
(2:3.6.3-2ubuntu2.11)
|
|
trusty |
Released
(2:4.1.6+dfsg-1ubuntu2.14.04.3)
|
|
upstream |
Released
(4.0.21)
|
|
utopic |
Released
(2:4.1.8+dfsg-1ubuntu3)
|
|
wily |
Released
(2:4.1.8+dfsg-1ubuntu3)
|
|
xenial |
Released
(2:4.1.8+dfsg-1ubuntu3)
|
|
yakkety |
Released
(2:4.1.8+dfsg-1ubuntu3)
|
|
zesty |
Released
(2:4.1.8+dfsg-1ubuntu3)
|
|
vivid |
Released
(2:4.1.8+dfsg-1ubuntu3)
|
|
Patches: upstream: http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch |
||
samba4 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.0.21)
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
Patches: upstream: http://www.samba.org/samba/ftp/patches/security/samba-4.0.20-CVE-2014-3560.patch |