Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
sambaSamba SecuritySAMBA:CVE-2013-4124
HistoryAug 05, 2013 - 12:00 a.m.

Denial of service - CPU loop and memory allocation.

2013-08-0500:00:00
Samba Security
www.samba.org
432

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.969 High

EPSS

Percentile

99.7%

JSON

Description

All current released versions of Samba are vulnerable to a denial of
service on an authenticated or guest connection. A malformed packet
can cause the smbd server to loop the CPU performing memory
allocations and preventing any further service.

A connection to a file share, or a local account is needed to exploit
this problem, either authenticated or unauthenticated if guest
connections are allowed.

This flaw is not exploitable beyond causing the code to loop
allocating memory, which may cause the machine to exceed memory
limits.

Patch Availability

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 3.5.22, 3.6.17 and 4.0.8 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

Workaround

None.

Credits

This problem was found by an internal audit of the Samba code by
Jeremy Allison of Google.

Related

nessus 31
securityvulns 3
zdt 1
openvas 42
veracode 2
slackware 1
seebug 2
ubuntucve 1
centos 4
freebsd 1
oraclelinux 4
ubuntu 1
debiancve 1
cve 1
checkpoint_advisories 1
prion 1
altlinux 3
fedora 8
redhat 4
suse 2
exploitpack 1
mageia 1
exploitdb 1
gentoo 1
nessus
nessus
FreeBSD : samba -- denial of service vulnerability (e21c7c7a-0116-11e3-9e83-3c970e169bc2)
2013-08-10 00:00:00
SuSE 11.2 Security Update : Samba (SAT Patch Number 8170)
2013-09-20 00:00:00
Mandriva Linux Security Advisory : samba (MDVSA-2013:207)
2013-08-07 00:00:00
securityvulns
securityvulns
Samba DoS
2013-08-28 00:00:00
[ MDVSA-2013:207 ] samba
2013-08-12 00:00:00
CVE-2013-4124 samba nttrans dos private exploit
2013-08-28 00:00:00
zdt
zdt
Samba nttrans Reply - Integer Overflow Vulnerability
2013-08-22 00:00:00
openvas
openvas
Ubuntu Update for samba USN-1966-1
2013-10-03 00:00:00
Fedora Update for samba FEDORA-2013-14312
2013-08-20 00:00:00
SuSE Update for update openSUSE-SU-2013:1349-1 (update)
2013-12-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:27
Cross-site Request Forgery (CSRF)
2019-05-02 04:58:49
slackware
slackware
[slackware-security] samba
2013-08-06 07:20:57
seebug
seebug
Samba nttrans Reply - Integer Overflow Vulnerability
2014-07-01 00:00:00
Samba 本地拒绝服务漏洞(CVE-2013-4124)
2013-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-4124
2013-08-05 00:00:00
centos
centos
samba4 security update
2013-11-26 13:32:52
libsmbclient, samba security update
2013-11-26 13:32:51
libsmbclient, samba security update
2014-03-17 19:05:31
freebsd
freebsd
samba -- denial of service vulnerability
2013-08-05 00:00:00
oraclelinux
oraclelinux
samba4 security and bug fix update
2013-11-25 00:00:00
samba security update
2014-03-17 00:00:00
samba security, bug fix, and enhancement update
2013-11-25 00:00:00
ubuntu
ubuntu
Samba vulnerability
2013-09-24 00:00:00
debiancve
debiancve
CVE-2013-4124
2013-08-06 02:56:00
cve
cve
CVE-2013-4124
2013-08-06 02:56:00
checkpoint_advisories
checkpoint_advisories
Samba smbd read_nttrans_ea_list Infinite Allocation Loop Denial of Service (CVE-2013-4124)
2013-10-27 00:00:00
prion
prion
Integer overflow
2013-08-06 02:56:00
altlinux
altlinux
Security fix for the ALT Linux 8 package samba version 4.0.8-alt1
2013-08-07 00:00:00
Security fix for the ALT Linux 10 package samba version 4.0.8-alt1
2013-08-07 00:00:00
Security fix for the ALT Linux 8 package samba-DC version 4.0.8-alt1
2013-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: samba-4.0.8-1.fc19
2013-08-09 17:09:31
[SECURITY] Fedora 19 Update: samba-4.0.11-1.fc19
2013-11-21 04:37:11
[SECURITY] Fedora 18 Update: samba-4.0.8-1.fc18
2013-08-15 02:50:09
redhat
redhat
(RHSA-2013:1543) Moderate: samba4 security and bug fix update
2013-11-21 00:00:00
(RHSA-2013:1542) Moderate: samba security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2014:0305) Moderate: samba security update
2014-03-17 00:00:00
suse
suse
update for samba (important)
2013-08-16 15:04:40
update for samba (important)
2013-08-14 03:08:23
exploitpack
exploitpack
Samba 3.5.223.6.174.0.8 - nttrans Reply Integer Overflow
2013-08-22 00:00:00
mageia
mageia
Updated samba package fixes security vulnerability
2013-08-11 16:37:00
exploitdb
exploitdb
Samba 3.5.22/3.6.17/4.0.8 - nttrans Reply Integer Overflow
2013-08-22 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2015-02-25 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.969 High

EPSS

Percentile

99.7%

JSON
Related for SAMBA:CVE-2013-4124
nessus31securityvulns3zdt1openvas42veracode2slackware1seebug2ubuntucve1centos4freebsd1oraclelinux4ubuntu1debiancve1cve1checkpoint_advisories1prion1altlinux3fedora8redhat4suse2exploitpack1mageia1exploitdb1gentoo1