Описание
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| samba | fixed | 2:3.6.17-1 | package | |
| samba | fixed | 2:3.6.6-6+deb7u1 | wheezy | package |
| samba | fixed | 2:3.5.6~dfsg-3squeeze10 | squeeze | package |
| samba4 | unfixed | package | ||
| samba4 | fixed | 4.0.0~beta2+dfsg1-3.2+deb7u1 | wheezy | package |
Примечания
https://www.samba.org/samba/security/CVE-2013-4124
samba as per 2:4.0.9+dfsg-2 is the first upload of the unified samba 4.x package to unstable.
Issue also fixed in 4.0.8 upstream, thus the fix still contained in 4.x in unstable
EPSS
Связанные уязвимости
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
ELSA-2013-1543: samba4 security and bug fix update (MODERATE)
EPSS