CVE-2013-4124

Samba 3.x-3.5.21, 3.6.x-3.6.16, 4.x-4.0.7 - Denial of Service via Malformed NTTRANS Packet

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-4124. PoCs were published by x90c, Jeremy Allison and dz_lnly, including the Metasploit module auxiliary/dos/samba/read_nttrans_ea_list.

Description

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Exploits (2)

exploitdb WORKING POC
by x90c · text · dos · linux
https://www.exploit-db.com/exploits/27778

This exploit targets an integer overflow vulnerability in Samba's NTTRANS reply handling, specifically in the `read_nttrans_ea_list` function. It sends a malformed SMB packet with a large offset value to trigger an integer wrap, leading to a remote denial-of-service (DoS).

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Samba versions 3.5.22 and below, 3.6.17 and below, 4.0.8 and below
No auth needed
Prerequisites: Network access to the target Samba server
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by Jeremy Allison, dz_lnly · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/samba/read_nttrans_ea_list.rb

This Metasploit module exploits an integer overflow in Samba's read_nttrans_ea_list function (CVE-2013-4124) by sending malformed packets to trigger a denial-of-service (memory exhaustion). It requires the 'ea support' option to be enabled on the target share.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8
Auth required
Prerequisites: SMB access to target share · ea support enabled on target share
devstral-2 · analyzed Feb 16, 2026

References (24)

Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201502-15.xml
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=141660010015249&w=2
Vendor Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/security/CVE-2013-4124
Vendor Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/history/samba-4.0.8.html
Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/history/samba-3.6.17.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1966-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1028882
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0305.html
Vendor Advisory x_refsource_confirm
http://www.samba.org/samba/history/samba-3.5.22.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86185
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:207
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=984401
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54519
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1310.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1542.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/95969
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1543.html

Scores

EPSS 0.6901
EPSS Percentile 99.3%

Details

CWE: CWE-189
Status: published
Products (40)
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
fedoraproject/fedora 18
fedoraproject/fedora 19
opensuse/opensuse 12.2
opensuse/opensuse 12.3
redhat/enterprise_linux 5
samba/samba 3.0.0
... and 30 more
Published Aug 06, 2013
Tracked Since Feb 18, 2026