{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-27T00:00:00", "descriptions": [{"lang": "en", "value": "Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "67686", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67686"}, {"name": "MDVSA-2014:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136"}, {"name": "FEDORA-2014-9132", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.samba.org/samba/security/CVE-2014-0178"}, {"name": "1030308", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030308"}, {"name": "20140711 [ MDVSA-2014:136 ] samba", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded"}, {"name": "GLSA-201502-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml"}, {"name": "59407", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59407"}, {"name": "FEDORA-2014-7672", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0279.html"}, {"name": "59378", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59378"}, {"name": "MDVSA-2015:082", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"}, {"name": "59579", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59579"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-0178", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67686", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67686"}, {"name": "MDVSA-2014:136", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136"}, {"name": "FEDORA-2014-9132", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"name": "http://www.samba.org/samba/security/CVE-2014-0178", "refsource": "CONFIRM", "url": "http://www.samba.org/samba/security/CVE-2014-0178"}, {"name": "1030308", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030308"}, {"name": "20140711 [ MDVSA-2014:136 ] samba", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded"}, {"name": "GLSA-201502-15", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml"}, {"name": "59407", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59407"}, {"name": "FEDORA-2014-7672", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"}, {"name": "http://advisories.mageia.org/MGASA-2014-0279.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0279.html"}, {"name": "59378", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59378"}, {"name": "MDVSA-2015:082", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"}, {"name": "59579", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59579"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:05:39.193Z"}, "title": "CVE Program Container", "references": [{"name": "67686", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67686"}, {"name": "MDVSA-2014:136", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136"}, {"name": "FEDORA-2014-9132", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.samba.org/samba/security/CVE-2014-0178"}, {"name": "1030308", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030308"}, {"name": "20140711 [ MDVSA-2014:136 ] samba", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded"}, {"name": "GLSA-201502-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml"}, {"name": "59407", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59407"}, {"name": "FEDORA-2014-7672", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0279.html"}, {"name": "59378", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59378"}, {"name": "MDVSA-2015:082", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"}, {"name": "59579", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59579"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0178", "datePublished": "2014-05-28T01:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:39.193Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "18EF9944-C42C-482C-BB17-D2715A2ADCAF", "versionEndExcluding": "3.6.25", "versionStartIncluding": "3.6.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "49235CF9-9463-4408-9747-C37CE719E437", "versionEndExcluding": "4.0.18", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAC0F01F-2023-47CE-9661-A8E2A0FD4E92", "versionEndExcluding": "4.1.8", "versionStartIncluding": "4.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CB9C10B-284E-48CD-A524-1A6BF828AED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F70DD815-1DAA-4025-8C97-32C7D06D8AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A37DA6E-6EB7-429B-ACE0-2B1220BD62C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3CA25E8C-9EFA-4A01-A2F0-CD63A39EDD08", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "41C33F47-0F28-4AE2-A895-82B5E0F4496D", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6EEFF35-E903-4651-A4B4-D92FF26A7509", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B44BD172-80FA-4260-BAFB-251A95E8C7B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "F09116D2-F168-4305-9A1D-88A1D42739A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3DAE05B-9086-4702-9586-77B34399E1EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "DA544013-8FAC-4452-9D38-081C514E2981", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "21DE15C9-3308-4DE0-8048-9B06AF4D7343", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "62CB4968-F331-4653-8B9F-75BA4BB7A6D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "3470D075-CCF2-42A1-A8C9-E375FC05FF47", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "EDA72F88-6799-4E6C-B73C-C92616B04661", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "EF17CB71-6E46-4A1E-9EAB-7D2E182D56C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "7E7FA486-73CE-4226-86C6-DA8383C5578F", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "B17D2B72-19E2-4DE6-B1E3-F1823E2690BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "FAC6922A-03CD-484A-BF40-F8F937428062", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "8470C251-2874-4047-A759-F8D5C6D5C755", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "332308A1-4BA4-4BC7-8B4B-7463CF98B664", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "DE7DEA84-27E5-4CF0-AC2A-B128BB5AE199", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "455B73D1-E8F1-478C-8CEB-79E4B5F33A78", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "1AC49023-CAD6-4875-BF94-EEC290E8A5A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "C42BFAF8-5822-4782-B60D-BCB131834419", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1FD9EF-A863-48C6-8471-AB1D80B3C1E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "C4B8A690-81D0-40C4-9301-CF1992C2DA0E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request."}, {"lang": "es", "value": "Samba 3.6.6 hasta 3.6.23, 4.0.x anterior a 4.0.18 y 4.1.x anterior a 4.1.8, cuando cierta configuraci\u00f3n de copia shadow vfs est\u00e1 habilitada, no inicializa debidamente el campo de respuesta SRV_SNAPSHOT_ARRAY, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n potencialmente sensible de la memoria de procesos a trav\u00e9s de una solicitud (1) FSCTL_GET_SHADOW_COPY_DATA o (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS."}], "id": "CVE-2014-0178", "lastModified": "2022-09-01T16:34:34.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-28T04:58:32.690", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0279.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59378"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59407"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59579"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201502-15.xml"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:136"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:082"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.samba.org/samba/security/CVE-2014-0178"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/532757/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/67686"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030308"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Christof Schmitt as the original reporter.", "affected_release": [{"advisory": "RHSA-2014:1009", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba4-0:4.0.0-63.el6_5.rc4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-08-05T00:00:00Z"}, {"advisory": "RHSA-2014:0867", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.1.1-35.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-07-09T00:00:00Z"}], "bugzilla": {"description": "samba: Uninitialized memory exposure", "id": "1101992", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1101992"}, "csaw": false, "cvss": {"cvss_base_score": "1.4", "cvss_scoring_vector": "AV:A/AC:H/Au:S/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-456->CWE-201", "details": ["Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.", "A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request."], "name": "CVE-2014-0178", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba3x", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Will not fix", "package_name": "samba", "product_name": "Red Hat Storage 2.1"}], "public_date": "2014-05-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-0178\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0178\nhttp://www.samba.org/samba/security/CVE-2014-0178"], "statement": "This issue does not affect the version of samba as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue affects the version of samba4 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having Low security impact, a future update may address this flaw.", "threat_severity": "Low", "upstream_fix": "samba 4.0.18, samba 4.1.8"}