CVE-2010-1642

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 89%
VendorProductVersion
sambasamba
𝑥
≤ 3.4.7
sambasamba
3.0.0
sambasamba
3.0.1
sambasamba
3.0.2
sambasamba
3.0.2a:a
sambasamba
3.0.3
sambasamba
3.0.4
sambasamba
3.0.4:rc1
sambasamba
3.0.5
sambasamba
3.0.6
sambasamba
3.0.7
sambasamba
3.0.8
sambasamba
3.0.9
sambasamba
3.0.10
sambasamba
3.0.11
sambasamba
3.0.12
sambasamba
3.0.13
sambasamba
3.0.14
sambasamba
3.0.14a:a
sambasamba
3.0.15
sambasamba
3.0.16
sambasamba
3.0.17
sambasamba
3.0.18
sambasamba
3.0.19
sambasamba
3.0.20
sambasamba
3.0.20a:a
sambasamba
3.0.20b:b
sambasamba
3.0.21
sambasamba
3.0.21a:a
sambasamba
3.0.21b:b
sambasamba
3.0.21c:c
sambasamba
3.0.22
sambasamba
3.0.23
sambasamba
3.0.23a:a
sambasamba
3.0.23b:b
sambasamba
3.0.23c:c
sambasamba
3.0.23d:d
sambasamba
3.0.24
sambasamba
3.0.25
sambasamba
3.0.25:pre1
sambasamba
3.0.25:pre2
sambasamba
3.0.25:rc1
sambasamba
3.0.25:rc2
sambasamba
3.0.25:rc3
sambasamba
3.0.25a:a
sambasamba
3.0.25b:b
sambasamba
3.0.25c:c
sambasamba
3.0.26
sambasamba
3.0.26a:a
sambasamba
3.0.27
sambasamba
3.0.27a:a
sambasamba
3.0.28
sambasamba
3.0.28a:a
sambasamba
3.0.29
sambasamba
3.0.30
sambasamba
3.0.31
sambasamba
3.0.32
sambasamba
3.0.33
sambasamba
3.0.34
sambasamba
3.0.35
sambasamba
3.0.36
sambasamba
3.0.37
sambasamba
3.1.0
sambasamba
3.2
sambasamba
3.2.0
sambasamba
3.2.1
sambasamba
3.2.2
sambasamba
3.2.3
sambasamba
3.2.4
sambasamba
3.2.5
sambasamba
3.2.6
sambasamba
3.2.7
sambasamba
3.2.8
sambasamba
3.2.9
sambasamba
3.2.10
sambasamba
3.2.11
sambasamba
3.2.12
sambasamba
3.2.13
sambasamba
3.2.14
sambasamba
3.2.15
sambasamba
3.3
sambasamba
3.3.0
sambasamba
3.3.1
sambasamba
3.3.2
sambasamba
3.3.3
sambasamba
3.3.4
sambasamba
3.3.5
sambasamba
3.3.6
sambasamba
3.3.7
sambasamba
3.3.8
sambasamba
3.3.9
sambasamba
3.3.10
sambasamba
3.3.11
sambasamba
3.4
sambasamba
3.4.0
sambasamba
3.4.1
sambasamba
3.4.2
sambasamba
3.4.3
sambasamba
3.4.4
sambasamba
3.4.5
sambasamba
3.4.6
sambasamba
3.5
sambasamba
3.5.0
sambasamba
3.5.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
lucid
ignored
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b
http://samba.org/samba/history/samba-3.4.8.html
http://samba.org/samba/history/samba-3.5.2.html
http://security-tracker.debian.org/tracker/CVE-2010-1642
http://www.mandriva.com/security/advisories?name=MDVSA-2010:141
http://www.securityfocus.com/bid/40097
http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29
http://www.vupen.com/english/advisories/2010/1933
https://bugzilla.redhat.com/show_bug.cgi?id=594921
https://bugzilla.samba.org/show_bug.cgi?id=7254
http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=9280051bfba337458722fb157f3082f93cbd9f2b
http://samba.org/samba/history/samba-3.4.8.html
http://samba.org/samba/history/samba-3.5.2.html
http://security-tracker.debian.org/tracker/CVE-2010-1642
http://www.mandriva.com/security/advisories?name=MDVSA-2010:141
http://www.securityfocus.com/bid/40097
http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29
http://www.vupen.com/english/advisories/2010/1933
https://bugzilla.redhat.com/show_bug.cgi?id=594921
https://bugzilla.samba.org/show_bug.cgi?id=7254