Lucene search

K

PRIOn knowledge basePRION:CVE-2014-0178

HistoryMay 28, 2014 - 4:58 a.m.

Server side request forgery (ssrf)

2014-05-2804:58:00

PRIOn knowledge base

www.prio-n.com

7

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.6%

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

CPENameOperatorVersion
sambage4.1.0
sambalt4.1.8
sambage4.0.0
sambalt4.0.18
sambage3.6.6
sambalt3.6.25
sambaeq4.1.7
sambaeq4.1.5
sambaeq4.1.6
sambaeq4.1.4

Rows per page:

1-10 of 321

References

advisories.mageia.org/MGASA-2014-0279.html

secunia.com/advisories/59378

secunia.com/advisories/59407

secunia.com/advisories/59579

security.gentoo.org/glsa/glsa-201502-15.xml

www.mandriva.com/security/advisories?name=MDVSA-2014:136

www.mandriva.com/security/advisories?name=MDVSA-2015:082

www.securityfocus.com/archive/1/532757/100/0/threaded

www.securityfocus.com/bid/67686

www.securitytracker.com/id/1030308

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html

www.samba.org/samba/security/CVE-2014-0178

6.1 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.6%

Related for PRION:CVE-2014-0178

ibm2 nessus22 openvas18 samba1 veracode1 ubuntucve1 cve1 debiancve1 altlinux3 osv1 oraclelinux2 redhat2 centos2 debian1 mageia1 ubuntu1 securityvulns2 slackware1 fedora5 gentoo1