Vulnerability Name:

CVE-2014-2830 (CCN-92552)

Assigned: 2014-04-11
Published: 2014-04-11
Updated: 2017-07-01
Summary: Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: CONFIRM
Type: UNKNOWN
http://advisories.mageia.org/MGASA-2014-0242.html

Source: MITRE
Type: CNA
CVE-2014-2830

Source: MLIST
Type: UNKNOWN
[oss-security] 20140411 Re: pam_cifscreds stack overflow

Source: CCN
Type: cifs-utils Web page
cifs-utils

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2015:114

Source: CCN
Type: BID-66743
'pam_cifscreds' PAM Module 'cifskey.c' Stack Buffer Overflow Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugs.mageia.org/show_bug.cgi?id=13386

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=870168

Source: CCN
Type: Red Hat Bugzilla Bug 1086224
CVE-2014-2830 cifs-utils: stack-based buffer overflow flaw in pam_cifscreds

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=1086224

Source: XF
Type: UNKNOWN
cifsutils-cve20142830-bo(92552)

Source: MLIST
Type: UNKNOWN
[samba-technical] 20140711 ANNOUNCE: cifs-utils release 6.4 ready for download

Source: GENTOO
Type: UNKNOWN
GLSA-201612-08

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-2830

Vulnerable Configuration: Configuration 1:
  • cpe:/a:debian:cifs-utils:*:*:*:*:*:*:*:* (Version <= 6.3)

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20142830 | V | CVE-2014-2830 | 2022-05-20
    oval:org.opensuse.security:def:30129 | P | Security update for MozillaFirefox (Important) | 2021-09-22
    oval:org.opensuse.security:def:33717 | P | Security update for transfig (Moderate) | 2021-09-16
    oval:org.opensuse.security:def:33963 | P | Security update for openssl-1_1 (Important) | 2021-08-24
    oval:org.opensuse.security:def:29409 | P | Security update for fetchmail (Moderate) | 2021-08-18
    oval:org.opensuse.security:def:30085 | P | Security update for gstreamer-plugins-bad (Important) | 2021-06-07
    oval:org.opensuse.security:def:33660 | P | Security update for polkit (Important) | 2021-06-03
    oval:org.opensuse.security:def:30066 | P | Security update for libnettle (Important) | 2021-04-28
    oval:org.opensuse.security:def:30027 | P | Security update for java-1_7_1-ibm (Important) | 2021-02-18
    oval:org.opensuse.security:def:34021 | P | Security update for wpa_supplicant (Important) | 2021-02-15
    oval:org.opensuse.security:def:29923 | P | Security update for libexif (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:33564 | P | Security update for ImageMagick (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29327 | P | Security update for compat-openssl097g (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:34178 | P | Security update for openssl1 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:34856 | P | Security update for cifs-utils (Important) | 2020-12-01
    oval:org.opensuse.security:def:29627 | P | Security update for bzip2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:33337 | P | Security update for openssl1 | 2020-12-01
    oval:org.opensuse.security:def:30767 | P | Security update for aspell (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:34070 | P | Security update for libxml2 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29770 | P | Security update for glibc (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:33429 | P | Security update for cpio | 2020-12-01
    oval:org.opensuse.security:def:29326 | P | Security update for clamsap (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:34134 | P | Security update for ntp (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29978 | P | Security update for libsndfile (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:29338 | P | Security update for spacewalk | 2020-12-01
    oval:org.opensuse.security:def:34816 | P | Security update for apport (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:33806 | P | Security update for ghostscript-library (Important) | 2020-12-01
    oval:org.opensuse.security:def:29540 | P | Security update for MozillaFirefox (Important) | 2020-12-01
    oval:org.opensuse.security:def:33336 | P | Security update for curl | 2020-12-01
    oval:org.opensuse.security:def:29684 | P | Security update for elfutils | 2020-12-01
    oval:org.opensuse.security:def:33348 | P | Security update for openssh-openssl1 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:30804 | P | Security update for cifs-utils (Important) | 2020-12-01
    oval:org.opensuse.security:def:34109 | P | Security update for mutt | 2020-12-01
    oval:com.ubuntu.precise:def:20142830000 | V | CVE-2014-2830 on Ubuntu 12.04 LTS (precise) - medium. | 2015-03-31
    oval:com.ubuntu.xenial:def:201428300000000 | V | CVE-2014-2830 on Ubuntu 16.04 LTS (xenial) - medium. | 2015-03-31
    oval:com.ubuntu.trusty:def:20142830000 | V | CVE-2014-2830 on Ubuntu 14.04 LTS (trusty) - medium. | 2015-03-31
    oval:com.ubuntu.xenial:def:20142830000 | V | CVE-2014-2830 on Ubuntu 16.04 LTS (xenial) - medium. | 2015-03-31
    debian cifs-utils *