Bug 511764 (CVE-2014-0178) - <net-fs/samba-3.6.24: Uninitialized memory exposure (CVE-2014-{0178,0239})
Alias: CVE-2014-0178
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Depends on: CVE-2014-0244
Reported: 2014-05-29 07:59 UTC by Agostino Sarubbo
Modified: 2015-02-26 08:59 UTC
Description Agostino Sarubbo gentoo-dev 2014-05-29 07:59:19 UTC
From ${URL} :

It was reported that Samba 3.6.6 to 4.1.7 are affected by a vulnerability
that allows an authenticated client to retrieve eight bytes of uninitialized
server memory when a shadow-copy VFS module is enabled.

In preparing a response to an authenticated FSCTL_GET_SHADOW_COPY_DATA
or FSCTL_SRV_ENUMERATE_SNAPSHOTS client request, affected versions of
Samba do not initialize 8 bytes of the 16 byte SRV_SNAPSHOT_ARRAY
response field. The uninitialized buffer is sent back to the client.

A non-default VFS module providing the get_shadow_copy_data_fn() hook
must be explicitly enabled for Samba to process the aforementioned
client requests. Therefore, only configurations with "shadow_copy" or
"shadow_copy2" specified for the "vfs objects" parameter are vulnerable.

To avoid the vulnerability, affected versions can be configured without
"shadow_copy" or "shadow_copy2" specified for the "vfs objects"
parameter. This is the default configuration.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
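
Added example, not part of the original report and not Samba or Gentoo code: a Python audit for the condition described above, listing the smb.conf sections whose effective "vfs objects" includes "shadow_copy" or "shadow_copy2" and testing a version string against the affected ranges quoted in this bug. The function names and the sample smb.conf are constructed for illustration.

```python
import re

SHADOW_MODULES = {"shadow_copy", "shadow_copy2"}  # modules named in the advisory
# Affected ranges from the CVE-2014-0178 text, as half-open [low, high) tuples.
AFFECTED = {(3, 6): ((3, 6, 6), (3, 6, 24)),
            (4, 0): ((4, 0, 0), (4, 0, 18)),
            (4, 1): ((4, 1, 0), (4, 1, 8))}

def is_affected_version(version):
    """True if a purely numeric version such as '4.1.7' is in an affected range."""
    v = (tuple(int(p) for p in version.split(".")) + (0, 0))[:3]
    low, high = AFFECTED.get(v[:2], ((0,), (0,)))
    return low <= v < high

def shares_with_shadow_copy(conf_text):
    """Map section name -> shadow-copy modules in its effective 'vfs objects'."""
    text = re.sub(r"\\\r?\n", "", conf_text)  # join backslash-continued lines
    section, sections, vfs = None, [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            sections.append(section)
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names ignore case and embedded whitespace.
            if re.sub(r"\s+", "", key).lower() == "vfsobjects":
                # Drop any ':suffix' on a module token before comparing names.
                vfs[section] = [t.split(":")[0]
                                for t in re.split(r"[\s,]+", value.strip()) if t]
    findings = {}
    for name in sections:
        # A share without its own setting inherits the [global] value.
        hits = [m for m in vfs.get(name, vfs.get("global", []))
                if m in SHADOW_MODULES]
        if hits:
            findings[name] = hits
    return findings

# Constructed sample configuration (not taken from the bug report).
SAMPLE_CONF = """[global]
   vfs objects = acl_xattr
[projects]
   VFS Objects = shadow_copy2 \\
                 streams_xattr
[scratch]
; vfs objects = shadow_copy
"""

if __name__ == "__main__":
    print(shares_with_shadow_copy(SAMPLE_CONF), is_affected_version("4.1.7"))
```

A host needs attention only when both checks are positive: an affected version and at least one section returned by `shares_with_shadow_copy`.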
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-06-09 01:52:44 UTC
Samba Reference:

Samba 4.1.8 Available for Download

                   Release Notes for Samba 4.1.8
                           June 3, 2014

This is the latest stable release of Samba 4.1.

Please note that this bug fix release also addresses two minor security issues
without being a dedicated security release:

  o CVE-2014-0239: dns: Don't reply to replies (bug #10609).
  o CVE-2014-0178: Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response
    (bug #10549).

Please let us know when you are ready for stabilization.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 15:01:12 UTC
CVE-2014-0178 (
  Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8,
  when a certain vfs shadow copy configuration is enabled, does not properly
  initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote
  authenticated users to obtain potentially sensitive information from process
  memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2)
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-31 18:52:38 UTC
I don't see a fix for this upstream for the 3.6 series, specifically it is not mentioned in either nor
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-09-03 21:09:04 UTC
CVE-2014-0239 (
  The internal DNS server in Samba 4.x before 4.0.18 does not check the QR
  field in the header section of an incoming DNS message before sending a
  response, which allows remote attackers to cause a denial of service (CPU
  and bandwidth consumption) via a forged response packet that triggers a
  communication loop, a related issue to CVE-1999-0103.
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-02-23 21:46:07 UTC
*** Bug 541182 has been marked as a duplicate of this bug. ***
Comment 6 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-02-23 22:43:48 UTC
+*samba-4.1.17 (23 Feb 2015)
+*samba-4.0.25 (23 Feb 2015)
+*samba-3.6.25 (23 Feb 2015)
+  23 Feb 2015; Lars Wendler <> +samba-3.6.25.ebuild,
+  -samba-4.0.23.ebuild, -samba-4.0.24.ebuild, +samba-4.0.25.ebuild,
+  -samba-4.1.15.ebuild, -samba-4.1.16.ebuild, +samba-4.1.17.ebuild:
+  Security bump (bug #511764). Removed old.
Comment 7 Sergey Popov gentoo-dev 2015-02-24 08:16:52 UTC
Added to existing GLSA request
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2015-02-26 08:59:22 UTC
This issue was resolved and addressed in
 GLSA 201502-15 at
by GLSA coordinator Kristian Fiskerstrand (K_F).