CVE-2014-0178
5.5 Medium
AI Score
Confidence
Low
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.0%
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
References
advisories.mageia.org/MGASA-2014-0279.html
lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
secunia.com/advisories/59378
secunia.com/advisories/59407
secunia.com/advisories/59579
security.gentoo.org/glsa/glsa-201502-15.xml
www.mandriva.com/security/advisories?name=MDVSA-2014:136
www.mandriva.com/security/advisories?name=MDVSA-2015:082
www.samba.org/samba/security/CVE-2014-0178
www.securityfocus.com/archive/1/532757/100/0/threaded
www.securityfocus.com/bid/67686
www.securitytracker.com/id/1030308
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993
Social References
More
Related
5.5 Medium
AI Score
Confidence
Low
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.0%