What is the severity of CVE-2014-0178?

CVE-2014-0178 is classified as a medium severity vulnerability.

How do I fix CVE-2014-0178?

To fix CVE-2014-0178, upgrade Samba to version 4.0.18 or later, or 4.1.8 or later.

Which versions of Samba are affected by CVE-2014-0178?

CVE-2014-0178 affects Samba versions 3.6.6 through 3.6.23 and 4.0.x before 4.0.18, as well as 4.1.x before 4.1.8.

What kind of information can be compromised due to CVE-2014-0178?

CVE-2014-0178 may allow remote authenticated users to access sensitive information from process memory.

Is CVE-2014-0178 specific to certain Samba configurations?

Yes, CVE-2014-0178 occurs when a certain vfs shadow copy configuration is enabled.

Vulnerability/
CVE-2014-0178

low

3.5

CWE

665

28/5/2014

12/4/2025

CVE-2014-0178

First published: Wed May 28 2014(Updated: )

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Samba	>=3.6.6<3.6.25
Samba	>=4.0.0<4.0.18
Samba	>=4.1.0<4.1.8
Samba	=4.1.0
Samba	=4.1.1
Samba	=4.1.2
Samba	=4.1.3
Samba	=4.1.4
Samba	=4.1.5
Samba	=4.1.6
Samba	=4.1.7
Samba	=3.6.6
Samba	=3.6.7
Samba	=3.6.8
Samba	=3.6.9
Samba	=3.6.10
Samba	=3.6.11
Samba	=3.6.12
Samba	=3.6.13
Samba	=3.6.14
Samba	=3.6.15
Samba	=3.6.16
Samba	=3.6.17
Samba	=3.6.18
Samba	=3.6.19
Samba	=3.6.20
Samba	=3.6.21
Samba	=3.6.22
Samba	=3.6.23
	>=3.6.6<3.6.25
	>=4.0.0<4.0.18
	>=4.1.0<4.1.8
	=4.1.0
	=4.1.1
	=4.1.2
	=4.1.3
	=4.1.4
	=4.1.5
	=4.1.6
	=4.1.7
	=3.6.6
	=3.6.7
	=3.6.8
	=3.6.9
	=3.6.10
	=3.6.11
	=3.6.12
	=3.6.13
	=3.6.14
	=3.6.15
	=3.6.16
	=3.6.17
	=3.6.18
	=3.6.19
	=3.6.20
	=3.6.21
	=3.6.22
	=3.6.23

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0178?
CVE-2014-0178 is classified as a medium severity vulnerability.
How do I fix CVE-2014-0178?
To fix CVE-2014-0178, upgrade Samba to version 4.0.18 or later, or 4.1.8 or later.
Which versions of Samba are affected by CVE-2014-0178?
CVE-2014-0178 affects Samba versions 3.6.6 through 3.6.23 and 4.0.x before 4.0.18, as well as 4.1.x before 4.1.8.
What kind of information can be compromised due to CVE-2014-0178?
CVE-2014-0178 may allow remote authenticated users to access sensitive information from process memory.
Is CVE-2014-0178 specific to certain Samba configurations?
Yes, CVE-2014-0178 occurs when a certain vfs shadow copy configuration is enabled.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/severity
agent/description
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/event
vendor/samba
canonical/samba
version/samba/3.6.6
version/samba/4.0.0
version/samba/4.1.0
version/samba/4.1.1
version/samba/4.1.2
version/samba/4.1.3
version/samba/4.1.4
version/samba/4.1.5
version/samba/4.1.6
version/samba/4.1.7
version/samba/3.6.7
version/samba/3.6.8
version/samba/3.6.9
version/samba/3.6.10
version/samba/3.6.11
version/samba/3.6.12
version/samba/3.6.13
version/samba/3.6.14
version/samba/3.6.15
version/samba/3.6.16
version/samba/3.6.17
version/samba/3.6.18
version/samba/3.6.19
version/samba/3.6.20
version/samba/3.6.21
version/samba/3.6.22
version/samba/3.6.23