[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2013-4124

Date: (C)2013-08-21   (M)2017-08-29
 
CVSS Score: 5.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: PARTIAL











Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Reference:
SECTRACK-1028882
http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
SECUNIA-54519
OSVDB-95969
FEDORA-2013-14312
FEDORA-2013-14355
FEDORA-2014-9132
GLSA-201502-15
IAVM:2013-B-0082
MDVSA-2013:207
RHSA-2013:1310
RHSA-2013:1542
RHSA-2013:1543
RHSA-2014:0305
SSRT101413
USN-1966-1
http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch
http://www.samba.org/samba/history/samba-3.5.22.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/security/CVE-2013-4124
https://bugzilla.redhat.com/show_bug.cgi?id=984401
openSUSE-SU-2013:1339
openSUSE-SU-2013:1349
samba-cve20134121-dos(86185)

CPE    177
cpe:/o:canonical:ubuntu_linux:13.04
cpe:/o:novell:opensuse:12.2
cpe:/o:novell:opensuse:12.3
cpe:/o:fedoraproject:fedora:18
...
CWE    1
CWE-189
OVAL    19
oval:org.secpod.oval:def:1500317
oval:org.secpod.oval:def:107173
oval:org.secpod.oval:def:106072
oval:org.secpod.oval:def:1300212
...

© 2013 SecPod Technologies