CVE-2010-3069 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-129 — Improper Validation of Array Index CWE-121 — Stack-based Buffer Overflow7 documents7 sources

Severity

7.5HIGHNVD

EPSS

16.6%

top 5.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux

Timeline

PublishedSep 15

Latest updateMay 14

Description

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDsamba/samba3.4.0 — 3.4.9+2

▶debiandebian/samba< samba 2:3.5.5~dfsg-1 (bookworm)

▶Debiansamba/samba< 2:3.5.5~dfsg-1+3

Also affects: Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

🔴Vulnerability Details

GHSA

GHSA-378p-935f-rmpw: Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3↗2022-05-14

▶

OSV

CVE-2010-3069: Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3↗2010-09-15

▶

📋Vendor Advisories

Red Hat

Samba: Stack-based buffer overflow by processing specially-crafted SID records↗2010-09-14

▶

Ubuntu

Samba vulnerability↗2010-09-14

▶

Debian

CVE-2010-3069: samba - Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions...↗2010

▶

💬Community

Bugzilla

CVE-2010-3069 Samba: Stack-based buffer overflow by processing specially-crafted SID records↗2010-09-07

▶