Denial of service - Server crash/memory corruption

ID SAMBA:CVE-2014-3493
Type samba
Reporter Samba
Modified 2014-06-23T00:00:00


All current released versions of Samba are vulnerable to a denial of service on the smbd file server daemon. Valid Unicode path names stored on disk can cause smbd to crash if an authenticated client attempts to read them using a non-Unicode request. The crash is caused by memory being overwritten by zeros at a 4 GB offset from the expected return buffer area, due to an invalid return code from a bad Unicode to Windows character set conversion. Currently it is not believed to be exploitable by an attacker, as there is no way to control the exact area of memory being overwritten. However, in the interests of safety this is being treated as a security issue.
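The bug class described above, as an added example that is not Samba's code: a conversion routine signals failure with a sentinel return value, and a caller that uses the value as a length without checking it ends up with an offset just under 4 GB. The function names, the (size_t)-1 sentinel, the 32-bit length variable and the sample names are assumptions made for illustration; the flawed caller only computes the offset and writes nothing.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONV_ERROR ((size_t)-1) /* assumed error sentinel, hypothetical */

/* Constructed sample names as UTF-16 code units. */
static const uint16_t name_ok[]  = { 'a', 'b' };
static const uint16_t name_bad[] = { 'a', 0x4E2D }; /* valid Unicode, not single-byte */
static char demo_buf[16];

/* Convert to a single-byte (Latin-1) charset. Returns bytes written
 * including the NUL, or CONV_ERROR if a character cannot be represented. */
static size_t to_dos_charset(const uint16_t *src, size_t n, char *dst, size_t dst_len)
{
    if (n >= dst_len) return CONV_ERROR;
    for (size_t i = 0; i < n; i++) {
        if (src[i] > 0xFF) return CONV_ERROR;
        dst[i] = (char)src[i];
    }
    dst[n] = '\0';
    return n + 1;
}

/* Flawed pattern: result kept in 32 bits and used as an offset with no
 * error check. Only computes the offset; it performs no write. */
static uint64_t unchecked_fill_offset(const uint16_t *s, size_t n, char *buf, size_t len)
{
    uint32_t used = (uint32_t)to_dos_charset(s, n, buf, len);
    return used; /* a memset(buf + used, 0, ...) would start here */
}

/* Hardened pattern: a failed or oversized result counts as zero bytes. */
static size_t checked_fill(const uint16_t *s, size_t n, char *buf, size_t len)
{
    size_t used = to_dos_charset(s, n, buf, len);
    if (used == CONV_ERROR || used > len) used = 0;
    memset(buf + used, 0, len - used); /* always inside buf */
    return used;
}

int main(void)
{
    printf("unchecked offset: %llu\n", (unsigned long long)
           unchecked_fill_offset(name_bad, 2, demo_buf, sizeof demo_buf));
    printf("checked length:   %zu\n",
           checked_fill(name_bad, 2, demo_buf, sizeof demo_buf));
    return 0;
}
```

The general mitigation is the same wherever a converter can fail: compare the result against the error sentinel and the buffer size before using it in any pointer arithmetic.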