7.5

CVE-2010-2063

EPSS 78.18%
Veröffentlicht 17.06.2010 16:30:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 37

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 3.0.0 <= 3.3.12

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Canonical ≫ Ubuntu Linux Version9.04

Debian ≫ Debian Linux Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	78.18%	0.99

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Third Party Advisory

Mailing List

http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT4312

Third Party Advisory

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873

Broken Link

http://marc.info/?l=bugtraq&m=129138831608422&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=bugtraq&m=130835366526620&w=2

Third Party Advisory

Mailing List

http://marc.info/?l=samba-announce&m=127668712312761&w=2

Patch

Third Party Advisory

Mailing List

http://osvdb.org/65518

Broken Link

http://secunia.com/advisories/40145

Third Party Advisory

http://secunia.com/advisories/40210

Third Party Advisory

http://secunia.com/advisories/40221

Third Party Advisory

http://secunia.com/advisories/40293

Third Party Advisory

http://secunia.com/advisories/42319

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914

Third Party Advisory

Mailing List

http://ubuntu.com/usn/usn-951-1

Third Party Advisory

http://www.debian.org/security/2010/dsa-2061

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:119

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0488.html

Third Party Advisory

http://www.samba.org/samba/ftp/history/samba-3.3.13.html

Vendor Advisory

http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch

Patch

Vendor Advisory

http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch

Patch

Vendor Advisory

http://www.samba.org/samba/security/CVE-2010-2063.html

Vendor Advisory

http://www.securityfocus.com/bid/40884

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1024107

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2010/1486

Permissions Required

http://www.vupen.com/english/advisories/2010/1504

Permissions Required

http://www.vupen.com/english/advisories/2010/1505

Permissions Required

http://www.vupen.com/english/advisories/2010/1507

Permissions Required

http://www.vupen.com/english/advisories/2010/1517

Permissions Required

http://www.vupen.com/english/advisories/2010/3063

Permissions Required

https://exchange.xforce.ibmcloud.com/vulnerabilities/59481

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2010-2063

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2063

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2063

EUVD