Lucene search

[email protected]NVD:CVE-2010-1642

HistoryJun 17, 2010 - 4:30 p.m.

CVE-2010-1642

2010-06-1716:30:01

CWE-119

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.337 Low

EPSS

Percentile

97.1%

JSON

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

Affected configurations

NVD

Node

sambasambaRange≤3.4.7

sambasambaMatch3.0.0

sambasambaMatch3.0.1

sambasambaMatch3.0.2

sambasambaMatch3.0.2a

sambasambaMatch3.0.3

sambasambaMatch3.0.4

sambasambaMatch3.0.4rc1

sambasambaMatch3.0.5

sambasambaMatch3.0.6

sambasambaMatch3.0.7

sambasambaMatch3.0.8

sambasambaMatch3.0.9

sambasambaMatch3.0.10

sambasambaMatch3.0.11

sambasambaMatch3.0.12

sambasambaMatch3.0.13

sambasambaMatch3.0.14

sambasambaMatch3.0.14a

sambasambaMatch3.0.15

sambasambaMatch3.0.16

sambasambaMatch3.0.17

sambasambaMatch3.0.18

sambasambaMatch3.0.19

sambasambaMatch3.0.20

sambasambaMatch3.0.20a

sambasambaMatch3.0.20b

sambasambaMatch3.0.21

sambasambaMatch3.0.21a

sambasambaMatch3.0.21b

sambasambaMatch3.0.21c

sambasambaMatch3.0.22

sambasambaMatch3.0.23

sambasambaMatch3.0.23a

sambasambaMatch3.0.23b

sambasambaMatch3.0.23c

sambasambaMatch3.0.23d

sambasambaMatch3.0.24

sambasambaMatch3.0.25

sambasambaMatch3.0.25pre1

sambasambaMatch3.0.25pre2

sambasambaMatch3.0.25rc1

sambasambaMatch3.0.25rc2

sambasambaMatch3.0.25rc3

sambasambaMatch3.0.25a

sambasambaMatch3.0.25b

sambasambaMatch3.0.25c

sambasambaMatch3.0.26

sambasambaMatch3.0.26a

sambasambaMatch3.0.27

sambasambaMatch3.0.27a

sambasambaMatch3.0.28

sambasambaMatch3.0.28a

sambasambaMatch3.0.29

sambasambaMatch3.0.30

sambasambaMatch3.0.31

sambasambaMatch3.0.32

sambasambaMatch3.0.33

sambasambaMatch3.0.34

sambasambaMatch3.0.35

sambasambaMatch3.0.36

sambasambaMatch3.0.37

sambasambaMatch3.1.0

sambasambaMatch3.2

sambasambaMatch3.2.0

sambasambaMatch3.2.1

sambasambaMatch3.2.2

sambasambaMatch3.2.3

sambasambaMatch3.2.4

sambasambaMatch3.2.5

sambasambaMatch3.2.6

sambasambaMatch3.2.7

sambasambaMatch3.2.8

sambasambaMatch3.2.9

sambasambaMatch3.2.10

sambasambaMatch3.2.11

sambasambaMatch3.2.12

sambasambaMatch3.2.13

sambasambaMatch3.2.14

sambasambaMatch3.2.15

sambasambaMatch3.3

sambasambaMatch3.3.0

sambasambaMatch3.3.1

sambasambaMatch3.3.2

sambasambaMatch3.3.3

sambasambaMatch3.3.4

sambasambaMatch3.3.5

sambasambaMatch3.3.6

sambasambaMatch3.3.7

sambasambaMatch3.3.8

sambasambaMatch3.3.9

sambasambaMatch3.3.10

sambasambaMatch3.3.11

sambasambaMatch3.4

sambasambaMatch3.4.0

sambasambaMatch3.4.1

sambasambaMatch3.4.2

sambasambaMatch3.4.3

sambasambaMatch3.4.4

sambasambaMatch3.4.5

sambasambaMatch3.4.6

sambasambaMatch3.5

sambasambaMatch3.5.0

sambasambaMatch3.5.1

References

git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b

samba.org/samba/history/samba-3.4.8.html

samba.org/samba/history/samba-3.5.2.html

security-tracker.debian.org/tracker/CVE-2010-1642

www.mandriva.com/security/advisories?name=MDVSA-2010:141

www.securityfocus.com/bid/40097

www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29

www.vupen.com/english/advisories/2010/1933

bugzilla.redhat.com/show_bug.cgi?id=594921

bugzilla.samba.org/show_bug.cgi?id=7254

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.4 Medium

AI Score

Confidence

High

0.337 Low

EPSS

Percentile

97.1%

JSON

Related for NVD:CVE-2010-1642

cve1 ubuntucve1 prion1 debiancve1 cvelist1 nessus3 openvas6 securityvulns1 suse1 gentoo1