CVE-2010-1642
Samba < 3.4.8 and 3.5.x < 3.5.2 - Denial of Service via Malformed Session Setup AndX Request
Title source: llmDescription
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.
References (10)
Core 10
Core References
Various Sources x_refsource_misc
http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29
Various Sources x_refsource_confirm
http://samba.org/samba/history/samba-3.4.8.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:141
Various Sources x_refsource_confirm
http://samba.org/samba/history/samba-3.5.2.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=594921
Various Sources x_refsource_confirm
http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b
Third Party Advisory x_refsource_confirm
http://security-tracker.debian.org/tracker/CVE-2010-1642
Issue Tracking x_refsource_confirm
https://bugzilla.samba.org/show_bug.cgi?id=7254
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40097
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1933
Scores
EPSS
0.0505
EPSS Percentile
89.9%
Details
CWE
CWE-119
Status
published
Products (44)
samba/samba
3.0.0
samba/samba
3.0.1
samba/samba
3.0.2
samba/samba
3.0.2a
samba/samba
3.0.3
samba/samba
3.0.4 (2 CPE variants)
samba/samba
3.0.5
samba/samba
3.0.6
samba/samba
3.0.7
samba/samba
3.0.8
... and 34 more
Published
Jun 17, 2010
Tracked Since
Feb 18, 2026