[SCM] Samba Website Repository - branch master updated
Karolin Seeger
kseeger at samba.org
Fri Aug 1 04:53:56 MDT 2014
The branch, master has been updated
via f905b65 Add security advisory for CVE-2014-3560.
from f5ce199 Announce Samba 4.1.11 and 4.0.21.
http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f905b653cd97130ff868824ac2b70d78f6657c25
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Aug 1 12:53:40 2014 +0200
Add security advisory for CVE-2014-3560.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
-----------------------------------------------------------------------
Summary of changes:
security/CVE-2014-3560.html | 69 +++++++++++++++++++++++++++++++++++++++++++
1 files changed, 69 insertions(+), 0 deletions(-)
create mode 100644 security/CVE-2014-3560.html
Changeset truncated at 500 lines:
diff --git a/security/CVE-2014-3560.html b/security/CVE-2014-3560.html
new file mode 100644
index 0000000..1954006
--- /dev/null
+++ b/security/CVE-2014-3560.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2014-3560.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject: Remote code execution in nmbd
+==
+== CVE ID#: CVE-2014-3560
+==
+== Versions: Samba 4.0.0 to 4.1.10
+==
+== Summary: Samba 4.0.0 to 4.1.10 are affected by a
+== remote code execution attack on
+== unauthenticated nmbd NetBIOS name services.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All current versions of Samba 4.x.x are vulnerable to a remote code
+execution vulnerability in the nmbd NetBIOS name services daemon.
+
+A malicious browser can send packets that may overwrite the heap of
+the target nmbd NetBIOS name services daemon. It may be possible to
+use this to generate a remote code execution vulnerability as the
+superuser (root).
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 4.1.11 and 4.0.21 have been issued as security
+releases to correct the defect. Patches against older Samba versions
+are available at http://samba.org/samba/patches/. Samba vendors and
+administrators running affected versions are advised to upgrade or
+apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+Do not run nmbd, the NetBIOS name services daemon.
+
+=======
+Credits
+=======
+
+This problem was found and the fix provided by Volker Lendecke, a
+Samba Team member working for SerNet <vl at sernet.de>
+https://www.sernet.de.
+</pre>
+</body>
+</html>
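Review bot: In the Credits paragraph the contact address is written as a raw `<vl at sernet.de>` inside `<pre>`. `<pre>` does not switch off markup parsing, so a browser will read this as an unknown element and the address will not be shown; escape it as `&lt;vl at sernet.de&gt;`. Two smaller markup points in the same file: the `<p>` opened just before `<pre>` is never closed, and `<pre>` is not permitted inside `<p>` under the declared XHTML 1.0 Transitional doctype, so the `<p>` can simply be dropped; `<H2>` should be lowercase `<h2>`, since XHTML element names are case-sensitive. In the Description, "All current versions of Samba 4.x.x" will go stale once the fixed releases named further down are out; repeating the range from the header (4.0.0 to 4.1.10) keeps the advisory accurate when it is read later.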
--
Samba Website Repository