CVE-2010-1642 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

5.1%

top 10.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedJun 17

Latest updateMay 14

Description

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/samba< samba 2:3.5.4~dfsg-2 (bookworm)

▶Debiansamba/samba< 2:3.5.4~dfsg-2+3

▶NVDsamba/samba3.4.7+97

🔴Vulnerability Details

GHSA

GHSA-vh9v-2237-6qc2: The reply_sesssetup_and_X_spnego function in sesssetup↗2022-05-14

▶

OSV

CVE-2010-1642: The reply_sesssetup_and_X_spnego function in sesssetup↗2010-06-17

▶

💥Exploits & PoCs

Exploit-DB

Shadow Stream Recorder 3.0.1.7 - '.asx' Local Buffer Overflow↗2010-03-30

▶

📋Vendor Advisories

Red Hat

samba: denial of service vulnerabilities↗2010-05-12

▶

Debian

CVE-2010-1642: samba - The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before...↗2010

▶

💬Community

Bugzilla

CVE-2010-1635, CVE-2010-1642 samba: denial of service vulnerabilities↗2010-05-21

▶