Information Security


Buffer overflow in Samba
Published: June 20, 2010
Source:
SecurityVulns ID: 10943
Type: remote
Severity: 7/10
Description: Buffer overflow and DoS conditions when parsing an SMB request.
Affected products: SAMBA: Samba 3.3
CVE: CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.)
 CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.)
 CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.)
Original text: IDEFENSE, iDefense Security Advisory 06.16.10: Samba 3.3.12 Memory Corruption Vulnerability (20.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod