Rapid7 VulnDB

RHSA-2014:1009: samba4 security update

Back to Search

RHSA-2014:1009: samba4 security update

Severity
8
CVSS
(AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published
08/06/2014
Created
07/25/2018
Added
08/22/2014
Modified
07/04/2017

Description

Samba is an open-source implementation of the Server Message Block (SMB) orCommon Internet File System (CIFS) protocol, which allows PC-compatiblemachines to share files, printers, and other information.A heap-based buffer overflow flaw was found in Samba's NetBIOS messageblock daemon (nmbd). An attacker on the local network could use this flawto send specially crafted packets that, when processed by nmbd, couldpossibly lead to arbitrary code execution with root privileges.(CVE-2014-3560)All Samba users are advised to upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing thisupdate, the smb service will be restarted automatically.

Solution(s)

  • redhat-upgrade-samba4
  • redhat-upgrade-samba4-client
  • redhat-upgrade-samba4-common
  • redhat-upgrade-samba4-dc
  • redhat-upgrade-samba4-dc-libs
  • redhat-upgrade-samba4-debuginfo
  • redhat-upgrade-samba4-devel
  • redhat-upgrade-samba4-libs
  • redhat-upgrade-samba4-pidl
  • redhat-upgrade-samba4-python
  • redhat-upgrade-samba4-swat
  • redhat-upgrade-samba4-test
  • redhat-upgrade-samba4-winbind
  • redhat-upgrade-samba4-winbind-clients
  • redhat-upgrade-samba4-winbind-krb5-locator

References

  • redhat-upgrade-samba4
  • redhat-upgrade-samba4-client
  • redhat-upgrade-samba4-common
  • redhat-upgrade-samba4-dc
  • redhat-upgrade-samba4-dc-libs
  • redhat-upgrade-samba4-debuginfo
  • redhat-upgrade-samba4-devel
  • redhat-upgrade-samba4-libs
  • redhat-upgrade-samba4-pidl
  • redhat-upgrade-samba4-python
  • redhat-upgrade-samba4-swat
  • redhat-upgrade-samba4-test
  • redhat-upgrade-samba4-winbind
  • redhat-upgrade-samba4-winbind-clients
  • redhat-upgrade-samba4-winbind-krb5-locator

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;