IBM Support

Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2014-0178)

Created by Ana Gabriela I… on
Published URL:
https://www.ibm.com/support/pages/node/689935
689935

Security Bulletin


Summary

A fix is available for IBM SONAS, for the security issue that an attacker could obtain sensitive information by exploiting a vulnerability in Samba protocol server

Vulnerability Details

CVEID:
CVE-2014-0178

DESCRIPTION:
Samba protocol server is used in IBM SONAS to enable file management and authentication services for Microsoft Windows environments.

IBM SONAS includes a version of Samba that could allow a remote authenticated attacker to obtain sensitive information. An attacker could exploit this vulnerability to obtain sensitive information.

CVSS Base Score: 3.5
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/93455 for the current score

Affected Products and Versions

IBM SONAS
The product is affected when running a code releases 1.3.0.0 to 1.4.3.3

Remediation/Fixes

A fix for these issues is in version 1.4.3.4 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.4.3.4 or a later version, so that the fix gets applied.

Workarounds and Mitigations

Workaround(s) :
Avoid use of authentication servers which are not protected behind a firewall. This vulnerability can be exploited only by someone who is authenticated.

Mitigation(s) : None

Get Notified about Future Security Bulletins

References

Off

Change History

16 July 2014: First draft

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"STAV45","label":"Network Attached Storage (NAS)->Scale Out Network Attached Storage"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":"1.4.3","Platform":[{"code":"PF016","label":"Linux"}],"Version":"1.4.3.4","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
17 June 2018

UID

ssg1S1004850