CVE-2010-1635

Exploit

EPSS 12.66%
Veröffentlicht 17.06.2010 16:30:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Samba Version <= 3.4.7

Samba ≫ Samba Version3.0.0

Samba ≫ Samba Version3.0.1

Samba ≫ Samba Version3.0.2

Samba ≫ Samba Version3.0.2a

Samba ≫ Samba Version3.0.3

Samba ≫ Samba Version3.0.4

Samba ≫ Samba Version3.0.4 Updaterc1

Samba ≫ Samba Version3.0.5

Samba ≫ Samba Version3.0.6

Samba ≫ Samba Version3.0.7

Samba ≫ Samba Version3.0.8

Samba ≫ Samba Version3.0.9

Samba ≫ Samba Version3.0.10

Samba ≫ Samba Version3.0.11

Samba ≫ Samba Version3.0.12

Samba ≫ Samba Version3.0.13

Samba ≫ Samba Version3.0.14

Samba ≫ Samba Version3.0.14a

Samba ≫ Samba Version3.0.15

Samba ≫ Samba Version3.0.16

Samba ≫ Samba Version3.0.17

Samba ≫ Samba Version3.0.18

Samba ≫ Samba Version3.0.19

Samba ≫ Samba Version3.0.20

Samba ≫ Samba Version3.0.20a

Samba ≫ Samba Version3.0.20b

Samba ≫ Samba Version3.0.21

Samba ≫ Samba Version3.0.21a

Samba ≫ Samba Version3.0.21b

Samba ≫ Samba Version3.0.21c

Samba ≫ Samba Version3.0.22

Samba ≫ Samba Version3.0.23

Samba ≫ Samba Version3.0.23a

Samba ≫ Samba Version3.0.23b

Samba ≫ Samba Version3.0.23c

Samba ≫ Samba Version3.0.23d

Samba ≫ Samba Version3.0.24

Samba ≫ Samba Version3.0.25

Samba ≫ Samba Version3.0.25 Updatepre1

Samba ≫ Samba Version3.0.25 Updatepre2

Samba ≫ Samba Version3.0.25 Updaterc1

Samba ≫ Samba Version3.0.25 Updaterc2

Samba ≫ Samba Version3.0.25 Updaterc3

Samba ≫ Samba Version3.0.25a

Samba ≫ Samba Version3.0.25b

Samba ≫ Samba Version3.0.25c

Samba ≫ Samba Version3.0.26

Samba ≫ Samba Version3.0.26a

Samba ≫ Samba Version3.0.27

Samba ≫ Samba Version3.0.27a

Samba ≫ Samba Version3.0.28

Samba ≫ Samba Version3.0.28a

Samba ≫ Samba Version3.0.29

Samba ≫ Samba Version3.0.30

Samba ≫ Samba Version3.0.31

Samba ≫ Samba Version3.0.32

Samba ≫ Samba Version3.0.33

Samba ≫ Samba Version3.0.34

Samba ≫ Samba Version3.0.35

Samba ≫ Samba Version3.0.36

Samba ≫ Samba Version3.0.37

Samba ≫ Samba Version3.1.0

Samba ≫ Samba Version3.2

Samba ≫ Samba Version3.2.0

Samba ≫ Samba Version3.2.1

Samba ≫ Samba Version3.2.2

Samba ≫ Samba Version3.2.3

Samba ≫ Samba Version3.2.4

Samba ≫ Samba Version3.2.5

Samba ≫ Samba Version3.2.6

Samba ≫ Samba Version3.2.7

Samba ≫ Samba Version3.2.8

Samba ≫ Samba Version3.2.9

Samba ≫ Samba Version3.2.10

Samba ≫ Samba Version3.2.11

Samba ≫ Samba Version3.2.12

Samba ≫ Samba Version3.2.13

Samba ≫ Samba Version3.2.14

Samba ≫ Samba Version3.2.15

Samba ≫ Samba Version3.3

Samba ≫ Samba Version3.3.0

Samba ≫ Samba Version3.3.1

Samba ≫ Samba Version3.3.2

Samba ≫ Samba Version3.3.3

Samba ≫ Samba Version3.3.4

Samba ≫ Samba Version3.3.5

Samba ≫ Samba Version3.3.6

Samba ≫ Samba Version3.3.7

Samba ≫ Samba Version3.3.8

Samba ≫ Samba Version3.3.9

Samba ≫ Samba Version3.3.10

Samba ≫ Samba Version3.3.11

Samba ≫ Samba Version3.4

Samba ≫ Samba Version3.4.0

Samba ≫ Samba Version3.4.1

Samba ≫ Samba Version3.4.2

Samba ≫ Samba Version3.4.3

Samba ≫ Samba Version3.4.4

Samba ≫ Samba Version3.4.5

Samba ≫ Samba Version3.4.6

Samba ≫ Samba Version3.5

Samba ≫ Samba Version3.5.0

Samba ≫ Samba Version3.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.66%	0.937

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://git.samba.org/?p=samba.git%3Ba=commit%3Bh=25452a2268ac7013da28125f3df22085139af12d

http://samba.org/samba/history/samba-3.4.8.html

http://samba.org/samba/history/samba-3.5.2.html

http://security-tracker.debian.org/tracker/CVE-2010-1635

http://www.mandriva.com/security/advisories?name=MDVSA-2010:141

http://www.securityfocus.com/bid/40097

Exploit

http://www.stratsec.net/Research/Advisories/Samba-Multiple-DoS-Vulnerabilities-%28SS-2010-005%29

http://www.vupen.com/english/advisories/2010/1933

https://bugzilla.redhat.com/show_bug.cgi?id=594921

https://bugzilla.samba.org/show_bug.cgi?id=7229

https://nvd.nist.gov/vuln/detail/CVE-2010-1635

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1635

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1635

EUVD