CVE-2014-0178 - Improper Initialization vulnerability in Samba
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
- NASL family: Misc.
  NASL id: SAMBA_4_0_18.NASL
  description: According to its banner, the version of Samba running on the remote host is 4.x prior to 4.0.18 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 74242
  published: 2014-05-30
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/74242
  title: Samba 4.x < 4.0.18 Multiple Vulnerabilities
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2015-082.NASL
  description: Updated samba packages fix security vulnerabilities : In Samba before 3.6.23, the SAMR server neglects to ensure that attempted password changes will update the bad password count, and does not set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication (CVE-2013-4496). Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493). An uninitialized pointer use flaw was found in the Samba daemon (smbd). A malicious Samba client could send specially crafted netlogon packets that, when processed by smbd, could potentially lead to arbitrary code execution with the privileges of the user running smbd (by default, the root user) (CVE-2015-0240).
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 82335
  published: 2015-03-30
  reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/82335
  title: Mandriva Linux Security Advisory : samba (MDVSA-2015:082)
- NASL family: Ubuntu Local Security Checks
  NASL id: UBUNTU_USN-2257-1.NASL
  description: Christof Schmitt discovered that Samba incorrectly initialized a certain response field when vfs shadow copy was enabled. A remote authenticated attacker could use this issue to possibly obtain sensitive information. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2014-0178) It was discovered that the Samba internal DNS server incorrectly handled QR fields when processing incoming DNS messages. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-0239) Daniel Berteaud discovered that the Samba NetBIOS name service daemon incorrectly handled certain malformed packets. A remote attacker could use this issue to cause Samba to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0244) Simon Arlott discovered that Samba incorrectly handled certain unicode path names. A remote authenticated attacker could use this issue to cause Samba to stop responding, resulting in a denial of service. (CVE-2014-3493). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 76275
  published: 2014-06-27
  reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/76275
  title: Ubuntu 10.04 LTS / 12.04 LTS / 13.10 / 14.04 LTS : samba vulnerabilities (USN-2257-1)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2014-449.NASL
  description: samba was updated to fix three security issues and two non-security issues. These security issues were fixed : - Fix segmentation fault in smbd_marshall_dir_entry()
  last seen: 2020-06-05
  modified: 2014-07-02
  plugin id: 76340
  published: 2014-07-02
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/76340
  title: openSUSE Security Update : samba (openSUSE-SU-2014:0857-1)
- NASL family: Mandriva Local Security Checks
  NASL id: MANDRIVA_MDVSA-2014-136.NASL
  description: Updated samba packages fix security vulnerabilities : Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled (CVE-2014-0178). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are vulnerable to a denial of service on the nmbd NetBIOS name services daemon. A malformed packet can cause the nmbd server to loop the CPU and prevent any further NetBIOS name service (CVE-2014-0244). Samba versions before 3.6.24, 4.0.19, and 4.1.9 are affected by a denial of service crash involving overwriting memory on an authenticated connection to the smbd file server (CVE-2014-3493).
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 76480
  published: 2014-07-14
  reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/76480
  title: Mandriva Linux Security Advisory : samba (MDVSA-2014:136)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2014-1009.NASL
  description: Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 77013
  published: 2014-08-06
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/77013
  title: RHEL 6 : samba4 (RHSA-2014:1009)
- NASL family: Red Hat Local Security Checks
  NASL id: REDHAT-RHSA-2014-0867.NASL
  description: Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2014-0244) A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request. (CVE-2014-0178) It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. (CVE-2014-3493) Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-0178 and CVE-2014-3493. The Samba project acknowledges Christof Schmitt as the original reporter of CVE-2014-0178, and Simon Arlott as the original reporter of CVE-2014-3493. All Samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 76903
  published: 2014-07-30
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/76903
  title: RHEL 7 : samba (RHSA-2014:0867)
- NASL family: SuSE Local Security Checks
  NASL id: OPENSUSE-2014-450.NASL
  description: samba was updated to version 4.1.9 to fix four security issues and various non-security bugs. These security issues were fixed : - Fix nmbd denial of service (CVE-2014-0244) - Fix segmentation fault in smbd_marshall_dir_entry()
  last seen: 2020-06-05
  modified: 2014-07-02
  plugin id: 76341
  published: 2014-07-02
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/76341
  title: openSUSE Security Update : samba (openSUSE-SU-2014:0859-1)
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2014-1009.NASL
  description: Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 77006
  published: 2014-08-06
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/77006
  title: CentOS 6 : samba4 (CESA-2014:1009)
- NASL family: SuSE Local Security Checks
  NASL id: SUSE_11_CIFS-MOUNT-140627.NASL
  description: Samba has been updated to fix two security issues and one non-security issue. These security issues have been fixed : - Fix segmentation fault in smbd_marshal_dir_entry()
  last seen: 2020-06-05
  modified: 2014-07-16
  plugin id: 76523
  published: 2014-07-16
  reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/76523
  title: SuSE 11.3 Security Update : Samba (SAT Patch Number 9451)
- NASL family: Solaris Local Security Checks
  NASL id: SOLARIS11_SAMBA_20140915.NASL
  description: The remote Solaris system is missing necessary patches to address security updates : - Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. (CVE-2014-0178)
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 80768
  published: 2015-01-19
  reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/80768
  title: Oracle Solaris Third-Party Patch Update : samba (cve_2014_0178_information_disclosure)
- NASL family: Slackware Local Security Checks
  NASL id: SLACKWARE_SSA_2014-175-04.NASL
  description: New samba packages are available for Slackware 14.0, 14.1, and -current to fix security issues.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 76207
  published: 2014-06-25
  reporter: This script is Copyright (C) 2014 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/76207
  title: Slackware 14.0 / 14.1 / current : samba (SSA:2014-175-04)
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2014-7672.NASL
  description: Update to Samba 4.1.9. Update to Samba 4.1.8 (CVE-2014-0178 samba: Uninitialized memory exposure) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-03-17
  modified: 2014-06-26
  plugin id: 76223
  published: 2014-06-26
  reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/76223
  title: Fedora 20 : samba-4.1.9-3.fc20 (2014-7672)
- NASL family: Gentoo Local Security Checks
  NASL id: GENTOO_GLSA-201502-15.NASL
  description: The remote host is affected by the vulnerability described in GLSA-201502-15 (Samba: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Samba. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, bypass intended file restrictions, or obtain sensitive information. Workaround : There is no known workaround at this time.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 81536
  published: 2015-02-26
  reporter: This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/81536
  title: GLSA-201502-15 : Samba: Multiple vulnerabilities
- NASL family: Misc.
  NASL id: IBM_STORWIZE_1_5_0_2.NASL
  description: The remote IBM Storwize device is running a version that is 1.3.x prior to 1.4.3.4 or 1.5.x prior to 1.5.0.2. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists due to a flaw in the bundled version of Apache HTTP Server. A remote attacker can exploit this, via partial HTTP requests, to cause a daemon outage, resulting in a denial of service condition. (CVE-2007-6750) - An HTTP request smuggling vulnerability exists due to a flaw in the bundled version of Apache Tomcat; when an HTTP connector or AJP connector is used, Tomcat fails to properly handle certain inconsistent HTTP request headers. A remote attacker can exploit this flaw, via multiple Content-Length headers or a Content-Length header and a
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 84401
  published: 2015-06-26
  reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/84401
  title: IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple Vulnerabilities
- NASL family: Misc.
  NASL id: SAMBA_4_1_8.NASL
  description: According to its banner, the version of Samba running on the remote host is 3.5.x or 3.6.x prior to 3.6.25 / 4.1.x prior to 4.1.8. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to GET_SHADOW_COPY_DATA() and FSCTL_SRV_ENUMERATE_SNAPSHOTS() request handling in which the SRV_SNAPSHOT_ARRAY response field is not properly initialized. Therefore, configurations with
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 74290
  published: 2014-06-03
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/74290
  title: Samba 3.5.x / 3.6.x < 3.6.25 / 4.1.x < 4.1.8 Multiple Vulnerabilities
- NASL family: Fedora Local Security Checks
  NASL id: FEDORA_2014-9132.NASL
  description: Update to Samba 4.0.21. CVE-2014-3560. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  last seen: 2020-03-17
  modified: 2014-08-20
  plugin id: 77268
  published: 2014-08-20
  reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  source: https://www.tenable.com/plugins/nessus/77268
  title: Fedora 19 : samba-4.0.21-1.fc19 (2014-9132)
- NASL family: Debian Local Security Checks
  NASL id: DEBIAN_DSA-2966.NASL
  description: Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server : - CVE-2014-0178 Information leak vulnerability in the VFS code, allowing an authenticated user to retrieve eight bytes of uninitialized memory when shadow copy is enabled. - CVE-2014-0244 Denial of service (infinite CPU loop) in the nmbd Netbios name service daemon. A malformed packet can cause the nmbd server to enter an infinite loop, preventing it to process later requests to the Netbios name service. - CVE-2014-3493 Denial of service (daemon crash) in the smbd file server daemon. An authenticated user attempting to read a Unicode path using a non-Unicode request can force the daemon to overwrite memory at an invalid address.
  last seen: 2020-03-17
  modified: 2014-06-24
  plugin id: 76194
  published: 2014-06-24
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/76194
  title: Debian DSA-2966-1 : samba - security update
- NASL family: Oracle Linux Local Security Checks
  NASL id: ORACLELINUX_ELSA-2014-1009.NASL
  description: From Red Hat Security Advisory 2014:1009 : Updated samba4 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A heap-based buffer overflow flaw was found in Samba
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 77010
  published: 2014-08-06
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/77010
  title: Oracle Linux 6 : samba4 (ELSA-2014-1009)
- NASL family: Oracle Linux Local Security Checks
  NASL id: ORACLELINUX_ELSA-2014-0867.NASL
  description: From Red Hat Security Advisory 2014:0867 : Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2014-0244) A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request. (CVE-2014-0178) It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. (CVE-2014-3493) Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-0178 and CVE-2014-3493. The Samba project acknowledges Christof Schmitt as the original reporter of CVE-2014-0178, and Simon Arlott as the original reporter of CVE-2014-3493. All Samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 76740
  published: 2014-07-24
  reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/76740
  title: Oracle Linux 7 : samba (ELSA-2014-0867)
- NASL family: CentOS Local Security Checks
  NASL id: CENTOS_RHSA-2014-0867.NASL
  description: Updated samba packages that fix three security issues are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Samba is an open source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. A denial of service flaw was found in the way the sys_recvfile() function of nmbd, the NetBIOS message block daemon, processed non-blocking sockets. An attacker could send a specially crafted packet that, when processed, would cause nmbd to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2014-0244) A flaw was found in the way Samba created responses for certain authenticated client requests when a shadow-copy VFS module was enabled. An attacker able to send an authenticated request could use this flaw to disclose limited portions of memory per each request. (CVE-2014-0178) It was discovered that smbd, the Samba file server daemon, did not properly handle certain files that were stored on the disk and used a valid Unicode character in the file name. An attacker able to send an authenticated non-Unicode request that attempted to read such a file could cause smbd to crash. (CVE-2014-3493) Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-0178 and CVE-2014-3493. The Samba project acknowledges Christof Schmitt as the original reporter of CVE-2014-0178, and Simon Arlott as the original reporter of CVE-2014-3493. All Samba users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
  last seen: 2020-06-01
  modified: 2020-06-02
  plugin id: 76432
  published: 2014-07-10
  reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
  source: https://www.tenable.com/plugins/nessus/76432
  title: CentOS 7 : samba (CESA-2014:0867)
References
- http://advisories.mageia.org/MGASA-2014-0279.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
- http://secunia.com/advisories/59378
- http://secunia.com/advisories/59407
- http://secunia.com/advisories/59579
- http://security.gentoo.org/glsa/glsa-201502-15.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:136
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:082
- http://www.samba.org/samba/security/CVE-2014-0178
- http://www.securityfocus.com/archive/1/532757/100/0/threaded
- http://www.securityfocus.com/bid/67686
- http://www.securitytracker.com/id/1030308
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993