CVE-2010-1642

2010-06-1716:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-1642

samba

security

denial of service

nvd

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.412 Medium

EPSS

Percentile

97.3%

JSON

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

CPENameOperatorVersion
samba:sambasambaeq3.0.19
samba:sambasambaeq3.0.14a
samba:sambasambaeq3.0.27
samba:sambasambaeq3.0.31
samba:sambasambaeq3.0.3
samba:sambasambaeq3.0.8
samba:sambasambaeq3.2.15
samba:sambasambaeq3.3.3
samba:sambasambaeq3.5.1
samba:sambasambaeq3.0.29

CPE	Name	Operator	Version
samba:samba	samba	eq	3.0.19
samba:samba	samba	eq	3.0.14a
samba:samba	samba	eq	3.0.27
samba:samba	samba	eq	3.0.31
samba:samba	samba	eq	3.0.3
samba:samba	samba	eq	3.0.8
samba:samba	samba	eq	3.2.15
samba:samba	samba	eq	3.3.3
samba:samba	samba	eq	3.5.1
samba:samba	samba	eq	3.0.29