[SCM] Samba Website Repository - branch master updated

Karolin Seeger kseeger at samba.org
Fri Aug 1 04:53:56 MDT 2014


The branch, master has been updated
       via  f905b65 Add security advisory for CVE-2014-3560.
      from  f5ce199 Announce Samba 4.1.11 and 4.0.21.

http://gitweb.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit f905b653cd97130ff868824ac2b70d78f6657c25
Author: Karolin Seeger <kseeger at samba.org>
Date:   Fri Aug 1 12:53:40 2014 +0200

    Add security advisory for CVE-2014-3560.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 security/CVE-2014-3560.html |   69 +++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 69 insertions(+), 0 deletions(-)
 create mode 100644 security/CVE-2014-3560.html


Changeset truncated at 500 lines:

diff --git a/security/CVE-2014-3560.html b/security/CVE-2014-3560.html
new file mode 100644
index 0000000..1954006
--- /dev/null
+++ b/security/CVE-2014-3560.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+   <H2>CVE-2014-3560.html:</H2>
+
+<p>
+<pre>
+===========================================================
+== Subject:     Remote code execution in nmbd
+==
+== CVE ID#:     CVE-2014-3560
+==
+== Versions:    Samba 4.0.0 to 4.1.10
+==
+== Summary:     Samba 4.0.0 to 4.1.10 are affected by a
+==              remote code execution attack on
+==		unauthenticated nmbd NetBIOS name services.
+==
+===========================================================
+
+===========
+Description
+===========
+
+All current versions of Samba 4.x.x are vulnerable to a remote code
+execution vulnerability in the nmbd NetBIOS name services daemon.
+
+A malicious browser can send packets that may overwrite the heap of
+the target nmbd NetBIOS name services daemon. It may be possible to
+use this to generate a remote code execution vulnerability as the
+superuser (root).
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+  http://www.samba.org/samba/security/
+
+Additionally, Samba 4.1.11 and 4.0.21 have been issued as security
+releases to correct the defect. Patches against older Samba versions
+are available at http://samba.org/samba/patches/. Samba vendors and
+administrators running affected versions are advised to upgrade or
+apply the patch as soon as possible.
+
+==========
+Workaround
+==========
+
+Do not run nmbd, the NetBIOS name services daemon.
+
+=======
+Credits
+=======
+
+This problem was found and the fix provided by Volker Lendecke, a
+Samba Team member working for SerNet <vl at sernet.de>
+https://www.sernet.de.
+</pre>
+</body>
+</html>
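Review bot: In the Credits paragraph near the end of the <pre> block, the contact address is wrapped in raw angle brackets, which an HTML parser reads as an unknown tag, so the address will not render; write the brackets as &lt; and &gt;. The markup also does not match the XHTML 1.0 Transitional doctype declared at the top: the <p> opened just before <pre> is never closed and cannot contain a <pre> anyway, so drop it, and <H2> should be lowercase. In the header box, the "unauthenticated nmbd NetBIOS name services." line is indented with a tab while the lines around it use spaces, which misaligns the Summary field at other tab widths. Finally, the Description says "All current versions of Samba 4.x.x" while the Versions field says 4.0.0 to 4.1.10; repeating the explicit range in the Description would keep the advisory correct once 4.1.11 and 4.0.21 are the current releases.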


-- 
Samba Website Repository

