=====================================================================

                           CERT-Renater

               Note d'Information No. 2014/VULN151
_____________________________________________________________________

DATE                : 05/08/2014

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Samba versions prior to 4.1.11,
                                          4.0.21.

======================================================================
http://www.samba.org/samba/security/CVE-2014-3560
______________________________________________________________________

CVE-2014-3560.html:

===========================================================
== Subject:     Remote code execution in nmbd
==
== CVE ID#:     CVE-2014-3560
==
== Versions:    Samba 4.0.0 to 4.1.10
==
== Summary:     Samba 4.0.0 to 4.1.10 are affected by a
==              remote code execution attack on
==		unauthenticated nmbd NetBIOS name services.
==
===========================================================

===========
Description
===========

All current versions of Samba 4.x.x are vulnerable to a remote code
execution vulnerability in the nmbd NetBIOS name services daemon.

A malicious browser can send packets that may overwrite the heap of
the target nmbd NetBIOS name services daemon. It may be possible to
use this to generate a remote code execution vulnerability as the
superuser (root).

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.1.11 and 4.0.21 have been issued as security
releases to correct the defect. Patches against older Samba versions
are available at http://samba.org/samba/patches/. Samba vendors and
administrators running affected versions are advised to upgrade or
apply the patch as soon as possible.

==========
Workaround
==========

Do not run nmbd, the NetBIOS name services daemon.

=======
Credits
=======

This problem was found and the fix provided by Volker Lendecke, a
Samba Team member working for SerNet <vl@sernet.de>
https://www.sernet.de.


=========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================