5

CVE-2011-0719

Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.0.0
SambaSamba Version3.0.1
SambaSamba Version3.0.2
SambaSamba Version3.0.2 Updatea
SambaSamba Version3.0.2a
SambaSamba Version3.0.3
SambaSamba Version3.0.4
SambaSamba Version3.0.4 Updaterc1
SambaSamba Version3.0.5
SambaSamba Version3.0.6
SambaSamba Version3.0.7
SambaSamba Version3.0.8
SambaSamba Version3.0.9
SambaSamba Version3.0.10
SambaSamba Version3.0.11
SambaSamba Version3.0.12
SambaSamba Version3.0.13
SambaSamba Version3.0.14
SambaSamba Version3.0.14 Updatea
SambaSamba Version3.0.14a
SambaSamba Version3.0.15
SambaSamba Version3.0.16
SambaSamba Version3.0.17
SambaSamba Version3.0.18
SambaSamba Version3.0.19
SambaSamba Version3.0.20
SambaSamba Version3.0.20 Updatea
SambaSamba Version3.0.20 Updateb
SambaSamba Version3.0.20a
SambaSamba Version3.0.20b
SambaSamba Version3.0.21
SambaSamba Version3.0.21 Updatea
SambaSamba Version3.0.21 Updateb
SambaSamba Version3.0.21 Updatec
SambaSamba Version3.0.21a
SambaSamba Version3.0.21b
SambaSamba Version3.0.21c
SambaSamba Version3.0.22
SambaSamba Version3.0.23
SambaSamba Version3.0.23 Updatea
SambaSamba Version3.0.23 Updateb
SambaSamba Version3.0.23 Updatec
SambaSamba Version3.0.23 Updated
SambaSamba Version3.0.23a
SambaSamba Version3.0.23b
SambaSamba Version3.0.23c
SambaSamba Version3.0.23d
SambaSamba Version3.0.24
SambaSamba Version3.0.25
SambaSamba Version3.0.25 Updatea
SambaSamba Version3.0.25 Updateb
SambaSamba Version3.0.25 Updatec
SambaSamba Version3.0.25 Updatepre1
SambaSamba Version3.0.25 Updatepre2
SambaSamba Version3.0.25 Updaterc1
SambaSamba Version3.0.25 Updaterc2
SambaSamba Version3.0.25 Updaterc3
SambaSamba Version3.0.25a
SambaSamba Version3.0.25b
SambaSamba Version3.0.25c
SambaSamba Version3.0.26
SambaSamba Version3.0.26 Updatea
SambaSamba Version3.0.26a
SambaSamba Version3.0.27
SambaSamba Version3.0.27 Updatea
SambaSamba Version3.0.28
SambaSamba Version3.0.28 Updatea
SambaSamba Version3.0.29
SambaSamba Version3.0.30
SambaSamba Version3.0.31
SambaSamba Version3.0.32
SambaSamba Version3.0.33
SambaSamba Version3.0.34
SambaSamba Version3.0.35
SambaSamba Version3.0.36
SambaSamba Version3.0.37
SambaSamba Version3.1.0
SambaSamba Version3.2.0
SambaSamba Version3.2.1
SambaSamba Version3.2.2
SambaSamba Version3.2.3
SambaSamba Version3.2.4
SambaSamba Version3.2.5
SambaSamba Version3.2.6
SambaSamba Version3.2.7
SambaSamba Version3.2.8
SambaSamba Version3.2.9
SambaSamba Version3.2.10
SambaSamba Version3.2.11
SambaSamba Version3.2.12
SambaSamba Version3.2.13
SambaSamba Version3.2.14
SambaSamba Version3.2.15
SambaSamba Version3.3.0
SambaSamba Version3.3.1
SambaSamba Version3.3.2
SambaSamba Version3.3.3
SambaSamba Version3.3.4
SambaSamba Version3.3.5
SambaSamba Version3.3.6
SambaSamba Version3.3.7
SambaSamba Version3.3.8
SambaSamba Version3.3.9
SambaSamba Version3.3.10
SambaSamba Version3.3.11
SambaSamba Version3.3.12
SambaSamba Version3.3.13
SambaSamba Version3.3.14
SambaSamba Version3.4.0
SambaSamba Version3.4.1
SambaSamba Version3.4.2
SambaSamba Version3.4.3
SambaSamba Version3.4.4
SambaSamba Version3.4.5
SambaSamba Version3.4.6
SambaSamba Version3.4.7
SambaSamba Version3.4.8
SambaSamba Version3.4.9
SambaSamba Version3.4.10
SambaSamba Version3.4.11
SambaSamba Version3.5.0
SambaSamba Version3.5.1
SambaSamba Version3.5.2
SambaSamba Version3.5.3
SambaSamba Version3.5.4
SambaSamba Version3.5.5
SambaSamba Version3.5.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.65% 0.905
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://support.apple.com/kb/HT4723
http://marc.info/?l=bugtraq&m=130835366526620&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056229.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056241.html
http://samba.org/samba/security/CVE-2011-0719.html
Vendor Advisory
http://secunia.com/advisories/43482
Vendor Advisory
http://secunia.com/advisories/43503
Vendor Advisory
http://secunia.com/advisories/43512
Vendor Advisory
http://secunia.com/advisories/43517
Vendor Advisory
http://secunia.com/advisories/43556
Vendor Advisory
http://secunia.com/advisories/43557
Vendor Advisory
http://secunia.com/advisories/43843
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593629
http://www.debian.org/security/2011/dsa-2175
http://www.mandriva.com/security/advisories?name=MDVSA-2011:038
http://www.redhat.com/support/errata/RHSA-2011-0305.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0306.html
Vendor Advisory
http://www.samba.org/samba/history/samba-3.3.15.html
http://www.samba.org/samba/history/samba-3.4.12.html
http://www.samba.org/samba/history/samba-3.5.7.html
http://www.securityfocus.com/bid/46597
http://www.securitytracker.com/id?1025132
http://www.ubuntu.com/usn/USN-1075-1
http://www.vupen.com/english/advisories/2011/0517
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0518
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0519
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0520
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0522
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0541
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0702
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=678328
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/65724