PT-2014-1426 · Samba Team+5 · Samba-Winbind-Clients+18
Vincent Danen · Published 2014-08-01 · Updated 2024-06-15 · CVE-2014-3560
CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Samba versions 4.0.x through 4.0.20
Samba versions 4.1.x through 4.1.10
libsmbclient-devel version 4.1.1
samba-test version 4.1.1
samba-winbind version 4.1.1
samba-winbind-clients version 4.1.1
libwbclient-devel version 4.1.1
samba-debuginfo version 4.1.1
samba-winbind-modules version 4.1.1
samba-vfs-glusterfs version 4.1.1
samba-winbind-krb5-locator version 4.1.1
samba-dc-libs version 4.1.1
samba-client version 4.1.1
samba-libs version 4.1.1
samba-common version 4.1.1
samba-pidl version 4.1.1
Description
A vulnerability in the NetBIOS name services daemon (nmbd) in Samba allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory. The flaw involves a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h. This can lead to a violation of confidentiality, integrity, and availability of protected information.
Recommendations
For Samba versions 4.0.x through 4.0.20, update to version 4.0.21 or later.
For Samba versions 4.1.x through 4.1.10, update to version 4.1.11 or later.
For libsmbclient-devel version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-test version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-winbind version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-winbind-clients version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For libwbclient-devel version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-debuginfo version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-winbind-modules version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-vfs-glusterfs version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-winbind-krb5-locator version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-dc-libs version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-client version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-libs version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-common version 4.1.1, update to a newer version that contains a fix for this vulnerability.
For samba-pidl version 4.1.1, update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
RCE
Code Injection
Buffer Overflow
Improper Initialization
Affected Products
Alt Linux
Centos
Red Hat
Samba
Ubuntu
Libsmbclient-Devel
Libwbclient-Devel
Samba-Client
Samba-Common
Samba-Dc-Libs
Samba-Debuginfo
Samba-Libs
Samba-Pidl
Samba-Test
Samba-Vfs-Glusterfs
Samba-Winbind
Samba-Winbind-Clients
Samba-Winbind-Krb5-Locator
Samba-Winbind-Modules