IBMA85F75B82BC64E3CE236CCF2AE22A83794677A5D831591263924F88B459DF59BSecurity Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2014-0178)
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N
Summary
A fix is available for IBM SONAS, for the security issue that an attacker could obtain sensitive information by exploiting a vulnerability in Samba protocol server
Vulnerability Details
CVEID:
CVE-2014-0178
DESCRIPTION:
Samba protocol server is used in IBM SONAS to enable file management and authentication services for Microsoft Windows environments.
IBM SONAS includes a version of Samba that could allow a remote authenticated attacker to obtain sensitive information. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 3.5
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93455 for the current score
Affected Products and Versions
IBM SONAS
The product is affected when running a code releases 1.3.0.0 to 1.4.3.3
Remediation/Fixes
A fix for these issues is in version 1.4.3.4 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.4 or a later version, so that the fix gets applied.
Workarounds and Mitigations
Workaround(s) :
Avoid use of authentication servers which are not protected behind a firewall. This vulnerability can be exploited only by someone who is authenticated.
Mitigation(s) : None
| CPE | Name | Operator | Version |
|---|---|---|---|
| network attached storage (nas)->scale out network attached storage | eq | 1.4.3.4 |
Related
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:N/A:N