CVE-2010-1635 — Improper Synchronization in Samba

CWE-662 — Improper Synchronization CWE-362 — Race Condition CWE-672 — Operation on a Resource after Expiration or Release CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

12.7%

top 6.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedJun 17

Latest updateMay 14

Description

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/samba< samba 2:3.6.1-2 (bookworm)

▶Debiansamba/samba< 2:3.6.1-2+3

▶NVDsamba/samba3.4.7+97

🔴Vulnerability Details

GHSA

GHSA-xvfw-jjhx-vm37: The chain_reply function in process↗2022-05-14

▶

OSV

CVE-2010-1635: The chain_reply function in process↗2010-06-17

▶

📋Vendor Advisories

Red Hat

samba: denial of service vulnerabilities↗2010-05-12

▶

Debian

CVE-2010-1635: samba - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x be...↗2010

▶

Red Hat

kernel: nfsv4: kernel panic in nfs4_proc_lock()↗2008-10-22

▶

💬Community

Bugzilla

CVE-2010-1635, CVE-2010-1642 samba: denial of service vulnerabilities↗2010-05-21

▶