1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml">
6 <title>Samba - Security Announcement Archive</title>
11 <H2>CVE-2014-3493.html:</H2>
15 ===========================================================
16 == Subject: Denial of service - Server crash/memory corruption
18 == CVE ID#: CVE-2014-3493
20 == Versions: Samba 3.6.0 - 4.1.8 (inclusive)
22 == Summary: Samba 3.6.x to 4.1.8 are affected by a
23 == denial of service crash involving overwriting
24 == memory on an authenticated connection to the
27 ===========================================================
33 All current released versions of Samba are vulnerable to a denial of
34 service on the smbd file server daemon.
36 Valid unicode path names stored on disk can cause smbd to
37 crash if an authenticated client attempts to read them
38 using a non-unicode request.
40 The crash is caused by memory being overwritten by
41 zeros at a 4GB offset from the expected return buffer
42 area, due to an invalid return code from a bad unicode
43 to Windows character set conversion.
45 Currently it is not believed to be exploitable by
46 an attacker, as there is no way to control the
47 exact area of memory being overwritten. However,
48 in the interests of safety this is being treated
55 A patch addressing this defect has been posted to
57 http://www.samba.org/samba/security/
59 Additionally, Samba 4.1.9, 4.0.19 and 3.6.24 have been issued as
60 security releases to correct the defect. Patches against older Samba
61 versions are available at http://samba.org/samba/patches/. Samba
62 vendors and administrators running affected versions are advised to
63 upgrade or apply the patch as soon as possible.
75 This problem was found and reported by Simon Arlott. The analysis
76 and fix were provided by Jeremy Allison of Google.