CVE-2013-4124

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
canonicalubuntu_linux
10.04
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
sambasamba
3.0.0
sambasamba
3.0.1
sambasamba
3.0.2
sambasamba
3.0.2:a
sambasamba
3.0.2a:a
sambasamba
3.0.3
sambasamba
3.0.4
sambasamba
3.0.4:rc1
sambasamba
3.0.5
sambasamba
3.0.6
sambasamba
3.0.7
sambasamba
3.0.8
sambasamba
3.0.9
sambasamba
3.0.10
sambasamba
3.0.11
sambasamba
3.0.12
sambasamba
3.0.13
sambasamba
3.0.14
sambasamba
3.0.14:a
sambasamba
3.0.14a:a
sambasamba
3.0.15
sambasamba
3.0.16
sambasamba
3.0.17
sambasamba
3.0.18
sambasamba
3.0.19
sambasamba
3.0.20
sambasamba
3.0.20:a
sambasamba
3.0.20:b
sambasamba
3.0.20a:a
sambasamba
3.0.20b:b
sambasamba
3.0.21
sambasamba
3.0.21:a
sambasamba
3.0.21:b
sambasamba
3.0.21:c
sambasamba
3.0.21a:a
sambasamba
3.0.21b:b
sambasamba
3.0.21c:c
sambasamba
3.0.22
sambasamba
3.0.23
sambasamba
3.0.23:a
sambasamba
3.0.23:b
sambasamba
3.0.23:c
sambasamba
3.0.23:d
sambasamba
3.0.23a:a
sambasamba
3.0.23b:b
sambasamba
3.0.23c:c
sambasamba
3.0.23d:d
sambasamba
3.0.24
sambasamba
3.0.25
sambasamba
3.0.25:a
sambasamba
3.0.25:b
sambasamba
3.0.25:c
sambasamba
3.0.25:pre1
sambasamba
3.0.25:pre2
sambasamba
3.0.25:rc1
sambasamba
3.0.25:rc2
sambasamba
3.0.25:rc3
sambasamba
3.0.25a:a
sambasamba
3.0.25b:b
sambasamba
3.0.25c:c
sambasamba
3.0.26
sambasamba
3.0.26:a
sambasamba
3.0.26a:a
sambasamba
3.0.27
sambasamba
3.0.27:a
sambasamba
3.0.28
sambasamba
3.0.28:a
sambasamba
3.0.29
sambasamba
3.0.30
sambasamba
3.0.31
sambasamba
3.0.32
sambasamba
3.0.33
sambasamba
3.0.34
sambasamba
3.0.35
sambasamba
3.0.36
sambasamba
3.0.37
sambasamba
3.1.0
sambasamba
3.2.0
sambasamba
3.2.1
sambasamba
3.2.2
sambasamba
3.2.3
sambasamba
3.2.4
sambasamba
3.2.5
sambasamba
3.2.6
sambasamba
3.2.7
sambasamba
3.2.8
sambasamba
3.2.9
sambasamba
3.2.10
sambasamba
3.2.11
sambasamba
3.2.12
sambasamba
3.2.13
sambasamba
3.2.14
sambasamba
3.2.15
sambasamba
3.3.0
sambasamba
3.3.1
sambasamba
3.3.2
sambasamba
3.3.3
sambasamba
3.3.4
sambasamba
3.3.5
sambasamba
3.3.6
sambasamba
3.3.7
sambasamba
3.3.8
sambasamba
3.3.9
sambasamba
3.3.10
sambasamba
3.3.11
sambasamba
3.3.12
sambasamba
3.3.13
sambasamba
3.3.14
sambasamba
3.3.15
sambasamba
3.3.16
sambasamba
3.4.0
sambasamba
3.4.1
sambasamba
3.4.2
sambasamba
3.4.3
sambasamba
3.4.4
sambasamba
3.4.5
sambasamba
3.4.6
sambasamba
3.4.7
sambasamba
3.4.8
sambasamba
3.4.9
sambasamba
3.4.10
sambasamba
3.4.11
sambasamba
3.4.12
sambasamba
3.4.13
sambasamba
3.4.14
sambasamba
3.4.15
sambasamba
3.4.16
sambasamba
3.4.17
sambasamba
3.5.0
sambasamba
3.5.1
sambasamba
3.5.2
sambasamba
3.5.10
sambasamba
3.5.11
sambasamba
3.5.12
sambasamba
3.5.13
sambasamba
3.5.14
sambasamba
3.5.15
sambasamba
3.5.16
sambasamba
3.5.17
sambasamba
3.5.18
sambasamba
3.5.19
sambasamba
3.5.20
sambasamba
3.5.21
sambasamba
3.6.0
sambasamba
3.6.1
sambasamba
3.6.2
sambasamba
3.6.3
sambasamba
3.6.4
sambasamba
3.6.5
sambasamba
3.6.6
sambasamba
3.6.7
sambasamba
3.6.8
sambasamba
3.6.9
sambasamba
3.6.10
sambasamba
3.6.11
sambasamba
3.6.12
sambasamba
3.6.13
sambasamba
3.6.14
sambasamba
3.6.15
sambasamba
3.6.16
sambasamba
4.0.0
sambasamba
4.0.1
sambasamba
4.0.2
sambasamba
4.0.3
sambasamba
4.0.4
sambasamba
4.0.5
sambasamba
4.0.6
sambasamba
4.0.7
opensuseopensuse
12.2
opensuseopensuse
12.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
raring
Fixed 2:3.6.9-1ubuntu1.1
released
quantal
Fixed 2:3.6.6-3ubuntu5.2
released
precise
Fixed 2:3.6.3-2ubuntu2.8
released
lucid
Fixed 2:3.4.7~dfsg-1ubuntu3.12
released
samba4
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html
http://marc.info/?l=bugtraq&m=141660010015249&w=2
http://marc.info/?l=bugtraq&m=141660010015249&w=2
http://osvdb.org/95969
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://rhn.redhat.com/errata/RHSA-2013-1542.html
http://rhn.redhat.com/errata/RHSA-2013-1543.html
http://rhn.redhat.com/errata/RHSA-2014-0305.html
http://secunia.com/advisories/54519
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:207
http://www.samba.org/samba/history/samba-3.5.22.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/security/CVE-2013-4124
http://www.securitytracker.com/id/1028882
http://www.ubuntu.com/usn/USN-1966-1
https://bugzilla.redhat.com/show_bug.cgi?id=984401
https://exchange.xforce.ibmcloud.com/vulnerabilities/86185
http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html
http://marc.info/?l=bugtraq&m=141660010015249&w=2
http://marc.info/?l=bugtraq&m=141660010015249&w=2
http://osvdb.org/95969
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://rhn.redhat.com/errata/RHSA-2013-1542.html
http://rhn.redhat.com/errata/RHSA-2013-1543.html
http://rhn.redhat.com/errata/RHSA-2014-0305.html
http://secunia.com/advisories/54519
http://security.gentoo.org/glsa/glsa-201502-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2013:207
http://www.samba.org/samba/history/samba-3.5.22.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/security/CVE-2013-4124
http://www.securitytracker.com/id/1028882
http://www.ubuntu.com/usn/USN-1966-1
https://bugzilla.redhat.com/show_bug.cgi?id=984401
https://exchange.xforce.ibmcloud.com/vulnerabilities/86185