Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2014-0178

Опубликовано: 28 мая 2014
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 3.5

Описание

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

РелизСтатусПримечание
devel

not-affected

2:4.1.8+dfsg-1ubuntu1
esm-infra-legacy/trusty

released

2:4.1.6+dfsg-1ubuntu2.14.04.2
esm-infra/xenial

not-affected

2:4.1.8+dfsg-1ubuntu1
lucid

not-affected

code not present
precise

not-affected

code not present
precise/esm

not-affected

code not present
saucy

released

2:3.6.18-1ubuntu3.3
trusty

released

2:4.1.6+dfsg-1ubuntu2.14.04.2
trusty/esm

released

2:4.1.6+dfsg-1ubuntu2.14.04.2
upstream

released

3.6.23,4.0.18,4.1.8

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

lucid

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was needed
saucy

ignored

end of life
trusty

DNE

trusty/esm

DNE

upstream

released

3.6.23,4.0.18,4.1.8
utopic

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 84%
0.02227
Низкий

3.5 Low

CVSS2

Связанные уязвимости

redhat логотип

CVE-2014-0178

redhat
больше 11 лет назад

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

nvd логотип

CVE-2014-0178

nvd
больше 11 лет назад

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

debian логотип

CVE-2014-0178

debian
больше 11 лет назад

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1. ...

github логотип

GHSA-f9qr-2qwc-jwpc

github
больше 3 лет назад

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

fstec логотип

BDU:2015-00386

fstec
больше 11 лет назад

Уязвимость программного обеспечения Samba, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации

EPSS

Процентиль: 84%
0.02227
Низкий

3.5 Low

CVSS2