CVE - CVE-2010-2063

CVE-ID
CVE-2010-2063	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1024107 URL:http://www.securitytracker.com/id?1024107 MISC:20100616 Samba 3.3.12 Memory Corruption Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873 MISC:40145 URL:http://secunia.com/advisories/40145 MISC:40210 URL:http://secunia.com/advisories/40210 MISC:40221 URL:http://secunia.com/advisories/40221 MISC:40293 URL:http://secunia.com/advisories/40293 MISC:40884 URL:http://www.securityfocus.com/bid/40884 MISC:42319 URL:http://secunia.com/advisories/42319 MISC:65518 URL:~~http://osvdb.org/65518~~ (Obsolete source) MISC:ADV-2010-1486 URL:~~http://www.vupen.com/english/advisories/2010/1486~~ (Obsolete source) MISC:ADV-2010-1504 URL:~~http://www.vupen.com/english/advisories/2010/1504~~ (Obsolete source) MISC:ADV-2010-1505 URL:~~http://www.vupen.com/english/advisories/2010/1505~~ (Obsolete source) MISC:ADV-2010-1507 URL:~~http://www.vupen.com/english/advisories/2010/1507~~ (Obsolete source) MISC:ADV-2010-1517 URL:~~http://www.vupen.com/english/advisories/2010/1517~~ (Obsolete source) MISC:ADV-2010-3063 URL:~~http://www.vupen.com/english/advisories/2010/3063~~ (Obsolete source) MISC:APPLE-SA-2010-08-24-1 URL:http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html MISC:DSA-2061 URL:http://www.debian.org/security/2010/dsa-2061 MISC:HPSBUX02609 URL:http://marc.info/?l=bugtraq&m=129138831608422&w=2 MISC:HPSBUX02657 URL:http://marc.info/?l=bugtraq&m=130835366526620&w=2 MISC:MDVSA-2010:119 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:119~~ (Obsolete source) MISC:RHSA-2010:0488 URL:http://www.redhat.com/support/errata/RHSA-2010-0488.html MISC:SSA:2010-169-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914 MISC:SSRT100147 URL:http://marc.info/?l=bugtraq&m=129138831608422&w=2 MISC:SSRT100460 URL:http://marc.info/?l=bugtraq&m=130835366526620&w=2 MISC:SUSE-SR:2010:014 URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html MISC:USN-951-1 URL:http://ubuntu.com/usn/usn-951-1 MISC:[samba-announce] 20100616 Samba 3.3.13 Security Release Available for Download URL:http://marc.info/?l=samba-announce&m=127668712312761&w=2 MISC:http://support.apple.com/kb/HT4312 URL:http://support.apple.com/kb/HT4312 MISC:http://www.samba.org/samba/ftp/history/samba-3.3.13.html URL:http://www.samba.org/samba/ftp/history/samba-3.3.13.html MISC:http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch URL:http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch MISC:http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch URL:http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch MISC:http://www.samba.org/samba/security/CVE-2010-2063.html URL:http://www.samba.org/samba/security/CVE-2010-2063.html MISC:oval:org.mitre.oval:def:12427 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427 MISC:oval:org.mitre.oval:def:7115 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115 MISC:oval:org.mitre.oval:def:9859 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859 MISC:samba-smb1-code-execution(59481) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/59481
Assigning CNA
Red Hat, Inc.
Date Record Created
20100525	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100525)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)