Christof Schmitt

**Name of the Vulnerable Software and Affected Versions** Samba versions 3.6.6 through 3.6.23 Samba versions 4.0.x before 4.0.18 Samba versions 4.1.x before 4.1.8 **Description** The issue is related to the improper initialization of the SRV SNAPSHOT ARRAY response field in Samba when a certain vfs shadow copy configuration is enabled. This allows remote authenticated users to obtain potentially sensitive information from process memory via a FSCTL GET SHADOW COPY DATA or FSCTL SRV ENUMERATE SNAPSHOTS request. The vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information. **Recommendations** For Samba versions 3.6.6 through 3.6.23, update to a version after 3.6.23. For Samba versions 4.0.x before 4.0.18, update to version 4.0.18 or later. For Samba versions 4.1.x before 4.1.8, update to version 4.1.8 or later. As a temporary workaround, consider disabling the vfs shadow copy configuration until a patch is available. Restrict access to the vulnerable Samba configuration to minimize the risk of exploitation. Avoid using the FSCTL GET SHADOW COPY DATA and FSCTL SRV ENUMERATE SNAPSHOTS requests in the affected Samba versions until the issue is resolved.