Lucene search
RedhatCVE-2013-4124HistoryAug 06, 2013 - 2:56 a.m.
CVE-2013-4124
2013-08-0602:56:00
CWE-189
redhat
web.nvd.nist.gov
143
cve-2013-4124
integer overflow
read_nttrans_ea_list
smbd
samba 3.x
denial of service
memory consumption
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.7
Confidence
Low
EPSS
0.969
Percentile
99.7%
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Affected configurations
Node
canonicalubuntu_linuxMatch10.04lts
ORcanonicalubuntu_linuxMatch12.04lts
ORcanonicalubuntu_linuxMatch12.10
ORcanonicalubuntu_linuxMatch13.04
Node
redhatenterprise_linuxMatch5
Node
fedoraprojectfedoraMatch18
ORfedoraprojectfedoraMatch19
Node
sambasambaMatch3.0.0
ORsambasambaMatch3.0.1
ORsambasambaMatch3.0.2
ORsambasambaMatch3.0.2a
ORsambasambaMatch3.0.2a
ORsambasambaMatch3.0.3
ORsambasambaMatch3.0.4
ORsambasambaMatch3.0.4rc1
ORsambasambaMatch3.0.5
ORsambasambaMatch3.0.6
ORsambasambaMatch3.0.7
ORsambasambaMatch3.0.8
ORsambasambaMatch3.0.9
ORsambasambaMatch3.0.10
ORsambasambaMatch3.0.11
ORsambasambaMatch3.0.12
ORsambasambaMatch3.0.13
ORsambasambaMatch3.0.14
ORsambasambaMatch3.0.14a
ORsambasambaMatch3.0.14a
ORsambasambaMatch3.0.15
ORsambasambaMatch3.0.16
ORsambasambaMatch3.0.17
ORsambasambaMatch3.0.18
ORsambasambaMatch3.0.19
ORsambasambaMatch3.0.20
ORsambasambaMatch3.0.20a
ORsambasambaMatch3.0.20b
ORsambasambaMatch3.0.20a
ORsambasambaMatch3.0.20b
ORsambasambaMatch3.0.21
ORsambasambaMatch3.0.21a
ORsambasambaMatch3.0.21b
ORsambasambaMatch3.0.21c
ORsambasambaMatch3.0.21a
ORsambasambaMatch3.0.21b
ORsambasambaMatch3.0.21c
ORsambasambaMatch3.0.22
ORsambasambaMatch3.0.23
ORsambasambaMatch3.0.23a
ORsambasambaMatch3.0.23b
ORsambasambaMatch3.0.23c
ORsambasambaMatch3.0.23d
ORsambasambaMatch3.0.23a
ORsambasambaMatch3.0.23b
ORsambasambaMatch3.0.23c
ORsambasambaMatch3.0.23d
ORsambasambaMatch3.0.24
ORsambasambaMatch3.0.25
ORsambasambaMatch3.0.25a
ORsambasambaMatch3.0.25b
ORsambasambaMatch3.0.25c
ORsambasambaMatch3.0.25pre1
ORsambasambaMatch3.0.25pre2
ORsambasambaMatch3.0.25rc1
ORsambasambaMatch3.0.25rc2
ORsambasambaMatch3.0.25rc3
ORsambasambaMatch3.0.25a
ORsambasambaMatch3.0.25b
ORsambasambaMatch3.0.25c
ORsambasambaMatch3.0.26
ORsambasambaMatch3.0.26a
ORsambasambaMatch3.0.26a
ORsambasambaMatch3.0.27
ORsambasambaMatch3.0.27a
ORsambasambaMatch3.0.28
ORsambasambaMatch3.0.28a
ORsambasambaMatch3.0.29
ORsambasambaMatch3.0.30
ORsambasambaMatch3.0.31
ORsambasambaMatch3.0.32
ORsambasambaMatch3.0.33
ORsambasambaMatch3.0.34
ORsambasambaMatch3.0.35
ORsambasambaMatch3.0.36
ORsambasambaMatch3.0.37
ORsambasambaMatch3.1.0
ORsambasambaMatch3.2.0
ORsambasambaMatch3.2.1
ORsambasambaMatch3.2.2
ORsambasambaMatch3.2.3
ORsambasambaMatch3.2.4
ORsambasambaMatch3.2.5
ORsambasambaMatch3.2.6
ORsambasambaMatch3.2.7
ORsambasambaMatch3.2.8
ORsambasambaMatch3.2.9
ORsambasambaMatch3.2.10
ORsambasambaMatch3.2.11
ORsambasambaMatch3.2.12
ORsambasambaMatch3.2.13
ORsambasambaMatch3.2.14
ORsambasambaMatch3.2.15
ORsambasambaMatch3.3.0
ORsambasambaMatch3.3.1
ORsambasambaMatch3.3.2
ORsambasambaMatch3.3.3
ORsambasambaMatch3.3.4
ORsambasambaMatch3.3.5
ORsambasambaMatch3.3.6
ORsambasambaMatch3.3.7
ORsambasambaMatch3.3.8
ORsambasambaMatch3.3.9
ORsambasambaMatch3.3.10
ORsambasambaMatch3.3.11
ORsambasambaMatch3.3.12
ORsambasambaMatch3.3.13
ORsambasambaMatch3.3.14
ORsambasambaMatch3.3.15
ORsambasambaMatch3.3.16
ORsambasambaMatch3.4.0
ORsambasambaMatch3.4.1
ORsambasambaMatch3.4.2
ORsambasambaMatch3.4.3
ORsambasambaMatch3.4.4
ORsambasambaMatch3.4.5
ORsambasambaMatch3.4.6
ORsambasambaMatch3.4.7
ORsambasambaMatch3.4.8
ORsambasambaMatch3.4.9
ORsambasambaMatch3.4.10
ORsambasambaMatch3.4.11
ORsambasambaMatch3.4.12
ORsambasambaMatch3.4.13
ORsambasambaMatch3.4.14
ORsambasambaMatch3.4.15
ORsambasambaMatch3.4.16
ORsambasambaMatch3.4.17
ORsambasambaMatch3.5.0
ORsambasambaMatch3.5.1
ORsambasambaMatch3.5.2
ORsambasambaMatch3.5.10
ORsambasambaMatch3.5.11
ORsambasambaMatch3.5.12
ORsambasambaMatch3.5.13
ORsambasambaMatch3.5.14
ORsambasambaMatch3.5.15
ORsambasambaMatch3.5.16
ORsambasambaMatch3.5.17
ORsambasambaMatch3.5.18
ORsambasambaMatch3.5.19
ORsambasambaMatch3.5.20
ORsambasambaMatch3.5.21
ORsambasambaMatch3.6.0
ORsambasambaMatch3.6.1
ORsambasambaMatch3.6.2
ORsambasambaMatch3.6.3
ORsambasambaMatch3.6.4
ORsambasambaMatch3.6.5
ORsambasambaMatch3.6.6
ORsambasambaMatch3.6.7
ORsambasambaMatch3.6.8
ORsambasambaMatch3.6.9
ORsambasambaMatch3.6.10
ORsambasambaMatch3.6.11
ORsambasambaMatch3.6.12
ORsambasambaMatch3.6.13
ORsambasambaMatch3.6.14
ORsambasambaMatch3.6.15
ORsambasambaMatch3.6.16
ORsambasambaMatch4.0.0
ORsambasambaMatch4.0.1
ORsambasambaMatch4.0.2
ORsambasambaMatch4.0.3
ORsambasambaMatch4.0.4
ORsambasambaMatch4.0.5
ORsambasambaMatch4.0.6
ORsambasambaMatch4.0.7
Node
opensuseopensuseMatch12.2
ORopensuseopensuseMatch12.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| canonical | ubuntu_linux | 10.04 | cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 12.10 | cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 13.04 | cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 5 | cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:* |
| fedoraproject | fedora | 18 | cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:* |
| fedoraproject | fedora | 19 | cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:* |
| samba | samba | 3.0.0 | cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:* |
| samba | samba | 3.0.1 | cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:* |
| samba | samba | 3.0.2 | cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:* |
References
archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch
lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.html
lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.html
lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html
lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html
marc.info/?l=bugtraq&m=141660010015249&w=2
osvdb.org/95969
rhn.redhat.com/errata/RHSA-2013-1310.html
rhn.redhat.com/errata/RHSA-2013-1542.html
rhn.redhat.com/errata/RHSA-2013-1543.html
rhn.redhat.com/errata/RHSA-2014-0305.html
secunia.com/advisories/54519
security.gentoo.org/glsa/glsa-201502-15.xml
www.mandriva.com/security/advisories?name=MDVSA-2013:207
www.samba.org/samba/history/samba-3.5.22.html
www.samba.org/samba/history/samba-3.6.17.html
www.samba.org/samba/history/samba-4.0.8.html
www.samba.org/samba/security/CVE-2013-4124
www.securitytracker.com/id/1028882
www.ubuntu.com/usn/USN-1966-1
bugzilla.redhat.com/show_bug.cgi?id=984401
exchange.xforce.ibmcloud.com/vulnerabilities/86185
Related
nessus
nessus
SuSE 11.2 Security Update : Samba (SAT Patch Number 8170)
2013-09-20 00:00:00
Mandriva Linux Security Advisory : samba (MDVSA-2013:207)
2013-08-07 00:00:00
openvas
openvas
SuSE Update for update openSUSE-SU-2013:1349-1 (update)
2013-12-10 00:00:00
Ubuntu Update for samba USN-1966-1
2013-10-03 00:00:00
Fedora Update for samba FEDORA-2013-14312
2013-08-20 00:00:00
slackware
slackware
[slackware-security] samba
2013-08-06 07:20:57
securityvulns
securityvulns
Samba DoS
2013-08-28 00:00:00
[ MDVSA-2013:207 ] samba
2013-08-12 00:00:00
CVE-2013-4124 samba nttrans dos private exploit
2013-08-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:27
Cross-site Request Forgery (CSRF)
2019-05-02 04:58:49
samba
samba
Denial of service - CPU loop and memory allocation.
2013-08-05 00:00:00
zdt
zdt
Samba nttrans Reply - Integer Overflow Vulnerability
2013-08-22 00:00:00
packetstorm
packetstorm
Samba read_nttrans_ea_list Integer Overflow
2024-08-31 00:00:00
freebsd
freebsd
samba -- denial of service vulnerability
2013-08-05 00:00:00
oraclelinux
oraclelinux
samba4 security and bug fix update
2013-11-25 00:00:00
samba security update
2014-03-17 00:00:00
samba security, bug fix, and enhancement update
2013-11-25 00:00:00
centos
centos
samba4 security update
2013-11-26 13:32:52
libsmbclient, samba security update
2014-03-17 19:05:31
samba3x security update
2013-10-07 12:45:09
seebug
seebug
Samba nttrans Reply - Integer Overflow Vulnerability
2014-07-01 00:00:00
Samba 本地拒绝服务漏洞(CVE-2013-4124)
2013-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-4124
2013-08-05 00:00:00
ubuntu
ubuntu
Samba vulnerability
2013-09-24 00:00:00
debiancve
debiancve
CVE-2013-4124
2013-08-06 02:56:00
cvelist
cvelist
CVE-2013-4124
2013-08-05 15:00:00
metasploit
metasploit
Samba read_nttrans_ea_list Integer Overflow
2013-08-28 20:11:34
checkpoint_advisories
checkpoint_advisories
prion
prion
Integer overflow
2013-08-06 02:56:00
fedora
fedora
[SECURITY] Fedora 19 Update: samba-4.0.8-1.fc19
2013-08-09 17:09:31
[SECURITY] Fedora 19 Update: samba-4.0.11-1.fc19
2013-11-21 04:37:11
[SECURITY] Fedora 18 Update: samba-4.0.8-1.fc18
2013-08-15 02:50:09
altlinux
altlinux
Security fix for the ALT Linux 8 package samba version 4.0.8-alt1
2013-08-07 00:00:00
Security fix for the ALT Linux 10 package samba version 4.0.8-alt1
2013-08-07 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.0.8-alt1
2013-08-07 00:00:00
redhat
redhat
(RHSA-2013:1543) Moderate: samba4 security and bug fix update
2013-11-21 00:00:00
(RHSA-2014:0305) Moderate: samba security update
2014-03-17 00:00:00
(RHSA-2013:1310) Moderate: samba3x security and bug fix update
2013-09-30 16:52:28
suse
suse
update for samba (important)
2013-08-14 03:08:23
update for samba (important)
2013-08-16 15:04:40
exploitpack
exploitpack
Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow
2013-08-22 00:00:00
mageia
mageia
Updated samba package fixes security vulnerability
2013-08-11 16:37:00
nvd
nvd
CVE-2013-4124
2013-08-06 02:56:00
exploitdb
exploitdb
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
2013-08-22 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2015-02-25 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score
6.7
Confidence
Low
EPSS
0.969
Percentile
99.7%
Related for CVE-2013-4124