Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-3560

Date: August 6, 2014

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in string_wrappers.h.

Language: C

Severity Score

Related Resources (19)

https://bugzilla.redhat.com/show_bug.cgi?id=1126010
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=fb1d325d96dfe9bc2e9c4ec46ad4c55e8f18f4a2
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://secunia.com/advisories/59610
http://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
http://secunia.com/advisories/59583
https://nvd.nist.gov/vuln/detail/CVE-2014-3560
http://www.securitytracker.com/id/1030663
http://secunia.com/advisories/59976
https://people.canonical.com/~ubuntu-security/cve/CVE-2014-3560
https://exchange.xforce.ibmcloud.com/vulnerabilities/95081
https://git.samba.org/?p=samba.git%3Ba=commitdiff%3Bh=e6a848630da3ba958c442438ea131c99fa088605
http://www.ubuntu.com/usn/USN-2305-1
http://www.samba.org/samba/security/CVE-2014-3560
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
http://www.securityfocus.com/bid/69021
https://access.redhat.com/security/cve/CVE-2014-3560
https://security-tracker.debian.org/tracker/CVE-2014-3560
https://www.mend.io/vulnerability-database/CVE-2014-3560

Severity Score

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): ADJACENT
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us