Univention Bugzilla – Bug 35546
samba: Buffer overflow (3.2)
Last modified: 2014-08-04 16:22:21 CEST
o CVE-2014-3560: All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).
https://www.samba.org/samba/security/CVE-2014-3560
Patch applied, Advisory: 2014-08-04-samba.yaml
Ok:
* samba built in errata3.2-2 with the patch applied.
* patch identical to upstream
* ucs-test -s samba4 and samba-common ok
* Advisory Ok.
http://errata.univention.de/ucs/3.2/156.html