CVE-2014-0178 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2014-0178

CVE-2014-0178

Published:May 28, 2014

Updated:June 26, 2026

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Related Resources (17)

http://www.mandriva.com/security/advisories?name=MDVSA-2014:136

http://advisories.mageia.org/MGASA-2014-0279.html

https://people.canonical.com/~ubuntu-security/cve/CVE-2014-0178

http://secunia.com/advisories/59407

http://security.gentoo.org/glsa/glsa-201502-15.xml

https://security-tracker.debian.org/tracker/CVE-2014-0178

http://www.mandriva.com/security/advisories?name=MDVSA-2015:082

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993

https://access.redhat.com/security/cve/CVE-2014-0178

http://www.securitytracker.com/id/1030308

http://secunia.com/advisories/59378