CVE-2010-1635

Samba < 3.4.8 and 3.5.x < 3.5.2 - Denial of Service via Negotiate Protocol Request

Description

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

References (10)

Core References
Various Sources x_refsource_confirm
http://samba.org/samba/history/samba-3.4.8.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:141
Various Sources x_refsource_confirm
http://samba.org/samba/history/samba-3.5.2.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=594921
Issue Tracking x_refsource_confirm
https://bugzilla.samba.org/show_bug.cgi?id=7229
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40097
Third Party Advisory x_refsource_confirm
http://security-tracker.debian.org/tracker/CVE-2010-1635
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1933

Scores

EPSS 0.1266
EPSS Percentile 94.1%

Details

Status published
Products (44)
samba/samba 3.0.0
samba/samba 3.0.1
samba/samba 3.0.2
samba/samba 3.0.2a
samba/samba 3.0.3
samba/samba 3.0.4 (2 CPE variants)
samba/samba 3.0.5
samba/samba 3.0.6
samba/samba 3.0.7
samba/samba 3.0.8
... and 34 more
Published Jun 17, 2010
Tracked Since Feb 18, 2026