Lucene search

[email protected]NVD:CVE-2010-1635

HistoryJun 17, 2010 - 4:30 p.m.

CVE-2010-1635

2010-06-1716:30:01

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.368 Low

EPSS

Percentile

97.2%

JSON

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

Affected configurations

NVD

Node

sambasambaRange≤3.4.7

sambasambaMatch3.0.0

sambasambaMatch3.0.1

sambasambaMatch3.0.2

sambasambaMatch3.0.2a

sambasambaMatch3.0.3

sambasambaMatch3.0.4

sambasambaMatch3.0.4rc1

sambasambaMatch3.0.5

sambasambaMatch3.0.6

sambasambaMatch3.0.7

sambasambaMatch3.0.8

sambasambaMatch3.0.9

sambasambaMatch3.0.10

sambasambaMatch3.0.11

sambasambaMatch3.0.12

sambasambaMatch3.0.13

sambasambaMatch3.0.14

sambasambaMatch3.0.14a

sambasambaMatch3.0.15

sambasambaMatch3.0.16

sambasambaMatch3.0.17

sambasambaMatch3.0.18

sambasambaMatch3.0.19

sambasambaMatch3.0.20

sambasambaMatch3.0.20a

sambasambaMatch3.0.20b

sambasambaMatch3.0.21

sambasambaMatch3.0.21a

sambasambaMatch3.0.21b

sambasambaMatch3.0.21c

sambasambaMatch3.0.22

sambasambaMatch3.0.23

sambasambaMatch3.0.23a

sambasambaMatch3.0.23b

sambasambaMatch3.0.23c

sambasambaMatch3.0.23d

sambasambaMatch3.0.24

sambasambaMatch3.0.25

sambasambaMatch3.0.25pre1

sambasambaMatch3.0.25pre2

sambasambaMatch3.0.25rc1

sambasambaMatch3.0.25rc2

sambasambaMatch3.0.25rc3

sambasambaMatch3.0.25a

sambasambaMatch3.0.25b

sambasambaMatch3.0.25c

sambasambaMatch3.0.26

sambasambaMatch3.0.26a

sambasambaMatch3.0.27

sambasambaMatch3.0.27a

sambasambaMatch3.0.28

sambasambaMatch3.0.28a

sambasambaMatch3.0.29

sambasambaMatch3.0.30

sambasambaMatch3.0.31

sambasambaMatch3.0.32

sambasambaMatch3.0.33

sambasambaMatch3.0.34

sambasambaMatch3.0.35

sambasambaMatch3.0.36

sambasambaMatch3.0.37

sambasambaMatch3.1.0

sambasambaMatch3.2

sambasambaMatch3.2.0

sambasambaMatch3.2.1

sambasambaMatch3.2.2

sambasambaMatch3.2.3

sambasambaMatch3.2.4

sambasambaMatch3.2.5

sambasambaMatch3.2.6

sambasambaMatch3.2.7

sambasambaMatch3.2.8

sambasambaMatch3.2.9

sambasambaMatch3.2.10

sambasambaMatch3.2.11

sambasambaMatch3.2.12

sambasambaMatch3.2.13

sambasambaMatch3.2.14

sambasambaMatch3.2.15

sambasambaMatch3.3

sambasambaMatch3.3.0

sambasambaMatch3.3.1

sambasambaMatch3.3.2

sambasambaMatch3.3.3

sambasambaMatch3.3.4

sambasambaMatch3.3.5

sambasambaMatch3.3.6

sambasambaMatch3.3.7

sambasambaMatch3.3.8

sambasambaMatch3.3.9

sambasambaMatch3.3.10

sambasambaMatch3.3.11

sambasambaMatch3.4

sambasambaMatch3.4.0

sambasambaMatch3.4.1

sambasambaMatch3.4.2

sambasambaMatch3.4.3

sambasambaMatch3.4.4

sambasambaMatch3.4.5

sambasambaMatch3.4.6

sambasambaMatch3.5

sambasambaMatch3.5.0

sambasambaMatch3.5.1

References

git.samba.org/?p=samba.git%3Ba=commit%3Bh=25452a2268ac7013da28125f3df22085139af12d

samba.org/samba/history/samba-3.4.8.html

samba.org/samba/history/samba-3.5.2.html

security-tracker.debian.org/tracker/CVE-2010-1635

www.mandriva.com/security/advisories?name=MDVSA-2010:141

www.securityfocus.com/bid/40097

www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29

www.vupen.com/english/advisories/2010/1933

bugzilla.redhat.com/show_bug.cgi?id=594921

bugzilla.samba.org/show_bug.cgi?id=7229

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.368 Low

EPSS

Percentile

97.2%

JSON

Related for NVD:CVE-2010-1635

debiancve1 ubuntucve1 cve1 prion1 cvelist1 openvas5 nessus3 securityvulns1 gentoo1