Back to search
CVE-2014-3493
Published: Jun 23, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of Unicode, leading to a character-set conversion failure that triggers an invalid pointer dereference.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2014:136
vendor-advisory
x_refsource_MANDRIVA
RHSA-2014:0866
vendor-advisory
x_refsource_REDHAT
FEDORA-2014-9132
vendor-advisory
x_refsource_FEDORA
61218
third-party-advisory
x_refsource_SECUNIA
59834
third-party-advisory
x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-0866.html
x_refsource_CONFIRM
59848
third-party-advisory
x_refsource_SECUNIA
20140711 [ MDVSA-2014:136 ] samba
mailing-list
x_refsource_BUGTRAQ
GLSA-201502-15
vendor-advisory
x_refsource_GENTOO
68150
vdb-entry
x_refsource_BID
59407
third-party-advisory
x_refsource_SECUNIA
FEDORA-2014-7672
vendor-advisory
x_refsource_FEDORA
59433
third-party-advisory
x_refsource_SECUNIA
59919
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=1108748
x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0279.html
x_refsource_CONFIRM
59378
third-party-advisory
x_refsource_SECUNIA
MDVSA-2015:082
vendor-advisory
x_refsource_MANDRIVA
59579
third-party-advisory
x_refsource_SECUNIA
http://www.samba.org/samba/security/CVE-2014-3493
x_refsource_CONFIRM
1030455
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now