CVE-2014-0178

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Published: May 28, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0178
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:P/I:N/A:N

CWEs:

CWE-665

Affected Software
References

Software	From	Fixed in
samba / samba	4.1.0	4.1.8
samba / samba	4.0.0	4.0.18
samba / samba	3.6.6	3.6.25
samba / samba	4.1.7	4.1.7.x
samba / samba	4.1.5	4.1.5.x
samba / samba	4.1.6	4.1.6.x
samba / samba	4.1.4	4.1.4.x
samba / samba	4.1.0	4.1.0.x
samba / samba	4.1.2	4.1.2.x
samba / samba	4.1.3	4.1.3.x
samba / samba	4.1.1	4.1.1.x
samba / samba	3.6.17	3.6.17.x
samba / samba	3.6.10	3.6.10.x
samba / samba	3.6.23	3.6.23.x
samba / samba	3.6.9	3.6.9.x
samba / samba	3.6.11	3.6.11.x
samba / samba	3.6.19	3.6.19.x
samba / samba	3.6.16	3.6.16.x
samba / samba	3.6.12	3.6.12.x
samba / samba	3.6.8	3.6.8.x
samba / samba	3.6.7	3.6.7.x
samba / samba	3.6.13	3.6.13.x
samba / samba	3.6.22	3.6.22.x
samba / samba	3.6.6	3.6.6.x
samba / samba	3.6.15	3.6.15.x
samba / samba	3.6.20	3.6.20.x
samba / samba	3.6.18	3.6.18.x
samba / samba	3.6.21	3.6.21.x
samba / samba	3.6.14	3.6.14.x

Vulnerability Database

289,697

CVE-2014-0178