FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- remote code execution

Affected packages
4.0.0 <= samba4 < 4.0.21
4.1.0 <= samba41 < 4.1.11

Details

VuXML ID: 89ff45e3-1a57-11e4-bebd-000c2980a9f3
Discovery: 2014-07-31
Entry: 2014-08-02

Samba developers report:

A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).

References

CVE Name: CVE-2014-3560
URL: http://www.samba.org/samba/security/CVE-2014-3560