PT-2014-1427 · Samba Team · Samba
Published 2014-06-23 · Updated 2024-06-15 · CVE-2014-3493
CVSS v2.0: 8.3 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Samba versions 3.6.x through 3.6.23
Samba versions 4.0.x through 4.0.18
Samba versions 4.1.x through 4.1.8
samba3x-client version 3.6.6
samba4-client version 4.0.0
samba4-test version 4.0.0
samba3x-swat version 3.6.6
samba4-winbind-clients version 4.0.0
samba3x-common version 3.6.6
samba4-winbind version 4.0.0
samba4-devel version 4.0.0
samba4-common version 4.0.0
samba4-libs version 4.0.0
samba4-python version 4.0.0
samba3x-debuginfo version 3.6.6
samba4-debuginfo version 4.0.0
samba3x-domainjoin-gui version 3.6.6
samba3x-winbind-devel version 3.6.6
samba3x-winbind version 3.6.6
Description
This entry covers multiple vulnerabilities in Samba that can compromise the confidentiality, integrity, and availability of protected information. A remote authenticated user can trigger a denial of service (memory corruption and smbd crash) by attempting to read a Unicode pathname without declaring that Unicode is in use; the resulting character-set conversion failure leads to an invalid pointer dereference.
Recommendations
For Samba versions 3.6.x through 3.6.23, update to version 3.6.24 or later.
For Samba versions 4.0.x through 4.0.18, update to version 4.0.19 or later.
For Samba versions 4.1.x through 4.1.8, update to version 4.1.9 or later.
For samba3x-client version 3.6.6, update to a newer version.
For samba4-client version 4.0.0, update to a newer version.
For samba4-test version 4.0.0, update to a newer version.
For samba3x-swat version 3.6.6, update to a newer version.
For samba4-winbind-clients version 4.0.0, update to a newer version.
For samba3x-common version 3.6.6, update to a newer version.
For samba4-winbind version 4.0.0, update to a newer version.
For samba4-devel version 4.0.0, update to a newer version.
For samba4-common version 4.0.0, update to a newer version.
For samba4-libs version 4.0.0, update to a newer version.
For samba4-python version 4.0.0, update to a newer version.
For samba3x-debuginfo version 3.6.6, update to a newer version.
For samba4-debuginfo version 4.0.0, update to a newer version.
For samba3x-domainjoin-gui version 3.6.6, update to a newer version.
For samba3x-winbind-devel version 3.6.6, update to a newer version.
For samba3x-winbind version 3.6.6, update to a newer version.
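To turn the version ranges above into a check that can be run over an inventory of hosts, here is an added example (not part of the advisory, and not Samba project code). It encodes only the three upstream branches and first fixed releases the advisory states, parses version strings as reported by `smbd -V` or by a package manager, and compares them as integer tuples so that 3.6.9 sorts below 3.6.24 (a plain string comparison gets this wrong). The hostnames and version strings in the sample inventory are constructed. One caveat the code cannot resolve: distribution vendors often backport the fix without changing the upstream version number, so a "vulnerable" verdict for a packaged build should be confirmed against the vendor's own advisory.

```python
import re

# Upstream branches the advisory lists, mapped to the first fixed release
# on each branch: 3.6.x -> 3.6.24, 4.0.x -> 4.0.19, 4.1.x -> 4.1.9.
FIRST_FIXED = {
    (3, 6): (3, 6, 24),
    (4, 0): (4, 0, 19),
    (4, 1): (4, 1, 9),
}


def parse_version(text):
    """Extract an upstream x.y.z version as a tuple of ints.

    Accepts a plain '4.0.18', 'smbd -V' output such as 'Version 4.1.8',
    and package strings like 'samba-3.6.23-12.el6'. The distribution
    release suffix is ignored because the advisory's ranges are expressed
    in upstream version numbers.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(p) for p in m.groups())


def classify(text):
    """Return (status, first_fixed) for a Samba version string.

    status is 'vulnerable', 'fixed', or 'not listed'. 'not listed' means the
    branch is not covered by this advisory, which is not the same as safe.
    Integer-tuple comparison keeps 3.6.9 below 3.6.24.
    """
    v = parse_version(text)
    fixed = FIRST_FIXED.get(v[:2])
    if fixed is None:
        return "not listed", None
    return ("vulnerable" if v < fixed else "fixed"), fixed


def check_hosts(inventory):
    """Apply classify() to a {hostname: version string} mapping and return
    the hosts that still need the update, each with the version to move to.
    Backported vendor fixes are not detectable here; verify those separately."""
    todo = {}
    for host, version_text in inventory.items():
        status, fixed = classify(version_text)
        if status == "vulnerable":
            todo[host] = "%d.%d.%d" % fixed
    return todo


# Constructed sample inventory (not real hosts), as it might be collected
# from 'smbd -V' or the package manager on each file server.
SAMPLE_INVENTORY = {
    "fs01": "Version 3.6.9",         # below 3.6.24 -> vulnerable
    "fs02": "3.6.24",                # first fixed 3.6.x release
    "fs03": "samba-4.0.18-2.el6",    # packaged 4.0.18 -> vulnerable (unless backported)
    "fs04": "Version 4.1.9",         # first fixed 4.1.x release
    "fs05": "Version 4.2.0",         # branch not covered by this advisory
}

if __name__ == "__main__":
    for host, target in sorted(check_hosts(SAMPLE_INVENTORY).items()):
        print(f"{host}: update Samba to {target} or later")
```

Running the block as a script prints the two hosts from the sample inventory that still fall inside an affected range; `check_hosts()` is the function to feed with real inventory data.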
As a temporary workaround, consider disabling the push_ascii function in smbd until a patch is available.
Fix
DoS
Code Injection
RCE
Buffer Overflow
Improper Initialization
Related Identifiers
Affected Products
Alt Linux
Centos
Red Hat
Samba
Suse
Ubuntu