CVE-2014-3560 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Redhat	Enterprise Linux
Samba	Samba

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
samba4-0:4.0.0-63.el6_5.rc4	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:1009	2014-08-05T00:00:00Z
Red Hat Enterprise Linux 7
samba-0:4.1.1-37.el7_0	cpe:/o:redhat:enterprise_linux:7	RHSA-2014:1008	2014-08-05T00:00:00Z

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
http://secunia.com/advisories/59583
http://secunia.com/advisories/59610
http://secunia.com/advisories/59976
http://www.samba.org/samba/security/CVE-2014-3560
http://www.securityfocus.com/bid/69021
http://www.securitytracker.com/id/1030663
http://www.ubuntu.com/usn/USN-2305-1
https://bugzilla.redhat.com/show_bug.cgi?id=1126010
https://exchange.xforce.ibmcloud.com/vulnerabilities/95081
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
https://nvd.nist.gov/vuln/detail/CVE-2014-3560
https://www.cve.org/CVERecord?id=CVE-2014-3560
https://www.samba.org/samba/security/CVE-2014-3560

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-08-01T00:00:00", "descriptions": [{"lang": "en", "value": "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.samba.org/samba/security/CVE-2014-3560"}, {"name": "FEDORA-2014-9141", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"}, {"name": "FEDORA-2014-9132", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"}, {"name": "1030663", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030663"}, {"name": "59583", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59583"}, {"name": "69021", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/69021"}, {"name": "USN-2305-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2305-1"}, {"name": "openSUSE-SU-2014:1040", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"}, {"name": "59610", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59610"}, {"name": "samba-cve20143560-bo(95081)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"}, {"name": "59976", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59976"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3560", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"}, {"name": "http://www.samba.org/samba/security/CVE-2014-3560", "refsource": "CONFIRM", "url": "http://www.samba.org/samba/security/CVE-2014-3560"}, {"name": "FEDORA-2014-9141", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"}, {"name": "FEDORA-2014-9132", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"name": "https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605", "refsource": "CONFIRM", "url": "https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605"}, {"name": "1030663", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030663"}, {"name": "59583", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59583"}, {"name": "69021", "refsource": "BID", "url": "http://www.securityfocus.com/bid/69021"}, {"name": "USN-2305-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2305-1"}, {"name": "openSUSE-SU-2014:1040", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"}, {"name": "https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2", "refsource": "CONFIRM", "url": "https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"}, {"name": "59610", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59610"}, {"name": "samba-cve20143560-bo(95081)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"}, {"name": "59976", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59976"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:50:16.829Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.samba.org/samba/security/CVE-2014-3560"}, {"name": "FEDORA-2014-9141", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"}, {"name": "FEDORA-2014-9132", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"}, {"name": "1030663", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030663"}, {"name": "59583", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59583"}, {"name": "69021", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/69021"}, {"name": "USN-2305-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2305-1"}, {"name": "openSUSE-SU-2014:1040", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"}, {"name": "59610", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59610"}, {"name": "samba-cve20143560-bo(95081)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"}, {"name": "59976", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59976"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3560", "datePublished": "2014-08-06T18:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:50:16.829Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-08-01T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1126010 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.samba.org/samba/security/CVE-2014-3560 (string)

}

2 : { »

name : FEDORA-2014-9141 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html (string)

}

3 : { »

name : FEDORA-2014-9132 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605 (string)

}

5 : { »

name : 1030663 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1030663 (string)

}

6 : { »

name : 59583 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/59583 (string)

}

7 : { »

name : 69021 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/69021 (string)

}

8 : { »

name : USN-2305-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2305-1 (string)

}

9 : { »

name : openSUSE-SU-2014:1040 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 (string)

}

11 : { »

name : 59610 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/59610 (string)

}

12 : { »

name : samba-cve20143560-bo(95081) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95081 (string)

}

13 : { »

name : 59976 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/59976 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2014-3560 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1126010 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1126010 (string)

}

1 : { »

name : http://www.samba.org/samba/security/CVE-2014-3560 (string)

refsource : CONFIRM (string)

url : http://www.samba.org/samba/security/CVE-2014-3560 (string)

}

2 : { »

name : FEDORA-2014-9141 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html (string)

}

3 : { »

name : FEDORA-2014-9132 (string)

refsource : FEDORA (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html (string)

}

4 : { »

name : https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605 (string)

refsource : CONFIRM (string)

url : https://git.samba.org/?p=samba.git;a=commitdiff;h=e6a848630da3ba958c442438ea131c99fa088605 (string)

}

5 : { »

name : 1030663 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1030663 (string)

}

6 : { »

name : 59583 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/59583 (string)

}

7 : { »

name : 69021 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/69021 (string)

}

8 : { »

name : USN-2305-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2305-1 (string)

}

9 : { »

name : openSUSE-SU-2014:1040 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html (string)

}

10 : { »

name : https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 (string)

refsource : CONFIRM (string)

url : https://git.samba.org/?p=samba.git;a=commitdiff;h=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 (string)

}

11 : { »

name : 59610 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/59610 (string)

}

12 : { »

name : samba-cve20143560-bo(95081) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95081 (string)

}

13 : { »

name : 59976 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/59976 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T10:50:16.829Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1126010 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.samba.org/samba/security/CVE-2014-3560 (string)

}

2 : { »

name : FEDORA-2014-9141 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html (string)

}

3 : { »

name : FEDORA-2014-9132 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605 (string)

}

5 : { »

name : 1030663 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1030663 (string)

}

6 : { »

name : 59583 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/59583 (string)

}

7 : { »

name : 69021 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/69021 (string)

}

8 : { »

name : USN-2305-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2305-1 (string)

}

9 : { »

name : openSUSE-SU-2014:1040 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 (string)

}

11 : { »

name : 59610 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/59610 (string)

}

12 : { »

name : samba-cve20143560-bo(95081) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95081 (string)

}

13 : { »

name : 59976 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/59976 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2014-3560 (string)

datePublished : 2014-08-06T18:00:00 (string)

dateReserved : 2014-05-14T00:00:00 (string)

dateUpdated : 2024-08-06T10:50:16.829Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "6CB9C10B-284E-48CD-A524-1A6BF828AED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F70DD815-1DAA-4025-8C97-32C7D06D8AB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A37DA6E-6EB7-429B-ACE0-2B1220BD62C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3CA25E8C-9EFA-4A01-A2F0-CD63A39EDD08", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "41C33F47-0F28-4AE2-A895-82B5E0F4496D", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6EEFF35-E903-4651-A4B4-D92FF26A7509", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "B44BD172-80FA-4260-BAFB-251A95E8C7B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "F09116D2-F168-4305-9A1D-88A1D42739A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "558E0B71-F79E-47B5-90CC-9C165BB15507", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "E8D7E102-DD54-43F2-B008-66F7C243477E", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "8066AB8C-1AE6-4DA3-91DB-4BF67DBBA279", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0DEEFFF7-DF7C-4641-81A9-1CD64DC29DEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2855B3F6-49B6-4D25-BEAC-4D1797D1E100", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "6C1F1993-70A2-4104-85AF-3BECB330AB24", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "E955458C-8F5C-4D55-9F78-9E1CB4416F10", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "866FF7AC-19EA-49E7-B423-9FF57839B580", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A1A64C7-B039-4724-B06C-EAC898EB3B73", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C572E25A-4B44-426D-B637-292A08766D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "6D96D806-ED52-4010-9F5F-F84E33C245D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "643FC7D2-FC39-43FA-99E6-805553FE1DCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E2B95519-0C9D-473C-912D-E350106DC4CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "DC603E1A-7882-45F0-9E8D-157F191C0FD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "E4F9321C-B442-4081-8E4A-62BAD95239A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "012A397B-004D-489C-B06D-C0D67E26B1CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "392E0C61-7718-4DBC-8F02-6F3C2CBE1783", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "D893CD1C-31D7-4F7F-BD0B-BEF75DCB2DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "324AE9D7-C41F-493E-A1AD-FCD869D29D51", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "68519B1F-F315-4BBD-A4A3-4E1956D81E85", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "EF745E93-A92E-4AD7-8D42-36E9387C6915", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "30E4B760-417E-45D1-9CE1-AEBC8936BDA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "BD0DA221-078A-49DC-B0F1-F318FD785664", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D72BCA7B-6338-4A7C-AE71-E0B8F6C9F2F1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h."}, {"lang": "es", "value": "NetBIOS name services daemon (nmbd) en Samba 4.0.x anterior a 4.0.21 y 4.1.x anterior a 4.1.11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados que modifican la memoria din\u00e1mica, involucrando una operaci\u00f3n sizeof sobre una variable incorrecta en la macro unstrcpy en string_wrappers.h."}], "id": "CVE-2014-3560", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-08-06T18:55:05.683", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59583"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59610"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/59976"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.samba.org/samba/security/CVE-2014-3560"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/69021"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030663"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2305-1"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"}, {"source": "secalert@redhat.com", "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"}, {"source": "secalert@redhat.com", "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59583"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59610"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/59976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.samba.org/samba/security/CVE-2014-3560"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/69021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2305-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B5A6F2F3-4894-4392-8296-3B8DD2679084 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 142AD0DD-4CF3-4D74-9442-459CE3347E3A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:samba:samba:4.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6CB9C10B-284E-48CD-A524-1A6BF828AED9 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:samba:samba:4.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : F70DD815-1DAA-4025-8C97-32C7D06D8AB0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:samba:samba:4.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A37DA6E-6EB7-429B-ACE0-2B1220BD62C0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:samba:samba:4.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 3CA25E8C-9EFA-4A01-A2F0-CD63A39EDD08 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:samba:samba:4.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 41C33F47-0F28-4AE2-A895-82B5E0F4496D (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:samba:samba:4.1.5:*:*:*:*:*:*:* (string)

matchCriteriaId : F6EEFF35-E903-4651-A4B4-D92FF26A7509 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:samba:samba:4.1.6:*:*:*:*:*:*:* (string)

matchCriteriaId : B44BD172-80FA-4260-BAFB-251A95E8C7B4 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:samba:samba:4.1.7:*:*:*:*:*:*:* (string)

matchCriteriaId : F09116D2-F168-4305-9A1D-88A1D42739A0 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:samba:samba:4.1.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 558E0B71-F79E-47B5-90CC-9C165BB15507 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:samba:samba:4.1.9:*:*:*:*:*:*:* (string)

matchCriteriaId : E8D7E102-DD54-43F2-B008-66F7C243477E (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:samba:samba:4.1.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 8066AB8C-1AE6-4DA3-91DB-4BF67DBBA279 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:samba:samba:4.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0DEEFFF7-DF7C-4641-81A9-1CD64DC29DEC (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:samba:samba:4.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 2855B3F6-49B6-4D25-BEAC-4D1797D1E100 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:samba:samba:4.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 6C1F1993-70A2-4104-85AF-3BECB330AB24 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:samba:samba:4.0.3:*:*:*:*:*:*:* (string)

matchCriteriaId : E955458C-8F5C-4D55-9F78-9E1CB4416F10 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:samba:samba:4.0.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 866FF7AC-19EA-49E7-B423-9FF57839B580 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:samba:samba:4.0.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 2A1A64C7-B039-4724-B06C-EAC898EB3B73 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:samba:samba:4.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : C572E25A-4B44-426D-B637-292A08766D7F (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:samba:samba:4.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 6D96D806-ED52-4010-9F5F-F84E33C245D2 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:samba:samba:4.0.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 643FC7D2-FC39-43FA-99E6-805553FE1DCB (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:samba:samba:4.0.9:*:*:*:*:*:*:* (string)

matchCriteriaId : E2B95519-0C9D-473C-912D-E350106DC4CD (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:samba:samba:4.0.10:*:*:*:*:*:*:* (string)

matchCriteriaId : DC603E1A-7882-45F0-9E8D-157F191C0FD3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:samba:samba:4.0.11:*:*:*:*:*:*:* (string)

matchCriteriaId : E4F9321C-B442-4081-8E4A-62BAD95239A1 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:samba:samba:4.0.12:*:*:*:*:*:*:* (string)

matchCriteriaId : 012A397B-004D-489C-B06D-C0D67E26B1CE (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:samba:samba:4.0.13:*:*:*:*:*:*:* (string)

matchCriteriaId : 392E0C61-7718-4DBC-8F02-6F3C2CBE1783 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:samba:samba:4.0.14:*:*:*:*:*:*:* (string)

matchCriteriaId : D893CD1C-31D7-4F7F-BD0B-BEF75DCB2DAA (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:samba:samba:4.0.15:*:*:*:*:*:*:* (string)

matchCriteriaId : 324AE9D7-C41F-493E-A1AD-FCD869D29D51 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:samba:samba:4.0.16:*:*:*:*:*:*:* (string)

matchCriteriaId : 68519B1F-F315-4BBD-A4A3-4E1956D81E85 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:samba:samba:4.0.17:*:*:*:*:*:*:* (string)

matchCriteriaId : EF745E93-A92E-4AD7-8D42-36E9387C6915 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:samba:samba:4.0.18:*:*:*:*:*:*:* (string)

matchCriteriaId : 30E4B760-417E-45D1-9CE1-AEBC8936BDA6 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:samba:samba:4.0.19:*:*:*:*:*:*:* (string)

matchCriteriaId : BD0DA221-078A-49DC-B0F1-F318FD785664 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:samba:samba:4.0.20:*:*:*:*:*:*:* (string)

matchCriteriaId : D72BCA7B-6338-4A7C-AE71-E0B8F6C9F2F1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. (string)

}

1 : { »

lang : es (string)

value : NetBIOS name services daemon (nmbd) en Samba 4.0.x anterior a 4.0.21 y 4.1.x anterior a 4.1.11 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados que modifican la memoria dinámica, involucrando una operación sizeof sobre una variable incorrecta en la macro unstrcpy en string_wrappers.h. (string)

}

]

id : CVE-2014-3560 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : ADJACENT_NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 7.9 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:A/AC:M/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 5.5 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-08-06T18:55:05.683 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html (string)

}

2 : { »

source : secalert@redhat.com (string)

url : http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html (string)

}

3 : { »

source : secalert@redhat.com (string)

url : http://secunia.com/advisories/59583 (string)

}

4 : { »

source : secalert@redhat.com (string)

url : http://secunia.com/advisories/59610 (string)

}

5 : { »

source : secalert@redhat.com (string)

url : http://secunia.com/advisories/59976 (string)

}

6 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.samba.org/samba/security/CVE-2014-3560 (string)

}

7 : { »

source : secalert@redhat.com (string)

url : http://www.securityfocus.com/bid/69021 (string)

}

8 : { »

source : secalert@redhat.com (string)

url : http://www.securitytracker.com/id/1030663 (string)

}

9 : { »

source : secalert@redhat.com (string)

url : http://www.ubuntu.com/usn/USN-2305-1 (string)

}

10 : { »

source : secalert@redhat.com (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1126010 (string)

}

11 : { »

source : secalert@redhat.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95081 (string)

}

12 : { »

source : secalert@redhat.com (string)

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605 (string)

}

13 : { »

source : secalert@redhat.com (string)

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/59583 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/59610 (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/59976 (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.samba.org/samba/security/CVE-2014-3560 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/69021 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1030663 (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2305-1 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1126010 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95081 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-94 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2014:1009", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "samba4-0:4.0.0-63.el6_5.rc4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-08-05T00:00:00Z"}, {"advisory": "RHSA-2014:1008", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.1.1-37.el7_0", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2014-08-05T00:00:00Z"}], "bugzilla": {"description": "samba: remote code execution in nmbd", "id": "1126010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126010"}, "csaw": false, "cvss": {"cvss_base_score": "7.9", "cvss_scoring_vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-119", "details": ["NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.", "A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges."], "name": "CVE-2014-3560", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "samba3x", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.2", "fix_state": "Affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.2"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.4", "fix_state": "Affected", "package_name": "samba4", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.4"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Storage 2.1"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "samba", "product_name": "Red Hat Storage 3.0"}], "public_date": "2014-07-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3560\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3560\nhttps://www.samba.org/samba/security/CVE-2014-3560"], "statement": "This issue did not affect the versions of samba or samba3x as shipped with Red Hat Enterprise Linux 5, and the versions of samba as shipped with Red Hat Enterprise Linux 6, as it only affected Samba 4.0.0 and higher.", "threat_severity": "Important"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2014:1009 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : samba4-0:4.0.0-63.el6_5.rc4 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2014-08-05T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:1008 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : samba-0:4.1.1-37.el7_0 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2014-08-05T00:00:00Z (string)

}

]

bugzilla : { »

description : samba: remote code execution in nmbd (string)

id : 1126010 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1126010 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 7.9 (string)

cvss_scoring_vector : AV:A/AC:M/Au:N/C:C/I:C/A:C (string)

status : verified (string)

}

cwe : CWE-119 (string)

details : [ »

0 : NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. (string)

1 : A heap-based buffer overflow flaw was found in Samba's NetBIOS message block daemon (nmbd). An attacker on the local network could use this flaw to send specially crafted packets that, when processed by nmbd, could possibly lead to arbitrary code execution with root privileges. (string)

]

name : CVE-2014-3560 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : samba (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Not affected (string)

package_name : samba3x (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Not affected (string)

package_name : samba (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

3 : { »

cpe : cpe:/o:redhat:rhel_eus:6.2 (string)

fix_state : Affected (string)

package_name : samba4 (string)

product_name : Red Hat Enterprise Linux Extended Update Support 6.2 (string)

}

4 : { »

cpe : cpe:/o:redhat:rhel_eus:6.4 (string)

fix_state : Affected (string)

package_name : samba4 (string)

product_name : Red Hat Enterprise Linux Extended Update Support 6.4 (string)

}

5 : { »

cpe : cpe:/a:redhat:storage:2.1 (string)

fix_state : Not affected (string)

package_name : samba (string)

product_name : Red Hat Storage 2.1 (string)

}

6 : { »

cpe : cpe:/a:redhat:storage:3 (string)

fix_state : Not affected (string)

package_name : samba (string)

product_name : Red Hat Storage 3.0 (string)

}

]

public_date : 2014-07-31T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-3560 https://nvd.nist.gov/vuln/detail/CVE-2014-3560 https://www.samba.org/samba/security/CVE-2014-3560 (string)

]

statement : This issue did not affect the versions of samba or samba3x as shipped with Red Hat Enterprise Linux 5, and the versions of samba as shipped with Red Hat Enterprise Linux 6, as it only affected Samba 4.0.0 and higher. (string)

threat_severity : Important (string)

}

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object