National Vulnerability Database (NVD) National Vulnerability Database (CVE-2010-2063)

National Cyber Awareness System

Vulnerability Summary for CVE-2010-2063

Original release date:06/17/2010

Last revised:08/27/2011

Source: US-CERT/NIST

Overview

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch

Type: Patch Information

Hyperlink:http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch

External Source: CONFIRM

Name: http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch

Type: Patch Information

Hyperlink:http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch

External Source: MLIST

Name: [samba-announce] 20100616 Samba 3.3.13 Security Release Available for Download

Type: Patch Information

Hyperlink:http://marc.info/?l=samba-announce&m=127668712312761&w=2

External Source: XF

Name: samba-smb1-code-execution(59481)

Hyperlink:http://xforce.iss.net/xforce/xfdb/59481

External Source: VUPEN

Name: ADV-2010-3063

Hyperlink:http://www.vupen.com/english/advisories/2010/3063

External Source: VUPEN

Name: ADV-2010-1517

Hyperlink:http://www.vupen.com/english/advisories/2010/1517

External Source: VUPEN

Name: ADV-2010-1507

Hyperlink:http://www.vupen.com/english/advisories/2010/1507

External Source: VUPEN

Name: ADV-2010-1505

Hyperlink:http://www.vupen.com/english/advisories/2010/1505

External Source: VUPEN

Name: ADV-2010-1504

Hyperlink:http://www.vupen.com/english/advisories/2010/1504

External Source: VUPEN

Name: ADV-2010-1486

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1486

External Source: SECTRACK

Name: 1024107

Hyperlink:http://www.securitytracker.com/id?1024107

External Source: BID

Name: 40884

Hyperlink:http://www.securityfocus.com/bid/40884

External Source: CONFIRM

Name: http://www.samba.org/samba/security/CVE-2010-2063.html

Hyperlink:http://www.samba.org/samba/security/CVE-2010-2063.html

External Source: CONFIRM

Name: http://www.samba.org/samba/ftp/history/samba-3.3.13.html

Hyperlink:http://www.samba.org/samba/ftp/history/samba-3.3.13.html

External Source: REDHAT

Name: RHSA-2010:0488

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0488.html

External Source: MANDRIVA

Name: MDVSA-2010:119

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:119

External Source: DEBIAN

Name: DSA-2061

Hyperlink:http://www.debian.org/security/2010/dsa-2061

External Source: UBUNTU

Name: USN-951-1

Hyperlink:http://ubuntu.com/usn/usn-951-1

External Source: CONFIRM

Name: http://support.apple.com/kb/HT4312

Hyperlink:http://support.apple.com/kb/HT4312

External Source: SLACKWARE

Name: SSA:2010-169-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914

External Source: SECUNIA

Name: 42319

Hyperlink:http://secunia.com/advisories/42319

External Source: SECUNIA

Name: 40293

Hyperlink:http://secunia.com/advisories/40293

External Source: SECUNIA

Name: 40221

Hyperlink:http://secunia.com/advisories/40221

External Source: SECUNIA

Name: 40210

Hyperlink:http://secunia.com/advisories/40210

External Source: SECUNIA

Name: 40145

Type: Advisory

Hyperlink:http://secunia.com/advisories/40145

External Source: OVAL

Name: oval:org.mitre.oval:def:9859

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9859

External Source: OVAL

Name: oval:org.mitre.oval:def:7115

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7115

External Source: OVAL

Name: oval:org.mitre.oval:def:12427

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12427

External Source: OSVDB

Name: 65518

Hyperlink:http://osvdb.org/65518

External Source: HP

Name: SSRT100460

Hyperlink:http://marc.info/?l=bugtraq&m=130835366526620&w=2

External Source: HP

Name: HPSBUX02657

Hyperlink:http://marc.info/?l=bugtraq&m=130835366526620&w=2

External Source: HP

Name: HPSBUX02609

Hyperlink:http://marc.info/?l=bugtraq&m=129138831608422&w=2

External Source: HP

Name: HPSBUX02609

Hyperlink:http://marc.info/?l=bugtraq&m=129138831608422&w=2

External Source: SUSE

Name: SUSE-SR:2010:014

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

External Source: APPLE

Name: APPLE-SA-2010-08-24-1

Hyperlink:http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

External Source: IDEFENSE

Name: 20100616 Samba 3.3.12 Memory Corruption Vulnerability

Hyperlink:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873

References to Check Content

Identifier:oval:org.mitre.oval:def:9859

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9859

Identifier:oval:org.mitre.oval:def:12427

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:12427

Identifier:oval:org.mitre.oval:def:7115

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:7115

Vulnerable software and versions

Configuration 1

* cpe:/a:samba:samba:3.0.28

* cpe:/a:samba:samba:3.0.14a

* cpe:/a:samba:samba:3.0.27a

* cpe:/a:samba:samba:3.0.14

* cpe:/a:samba:samba:3.0.29

* cpe:/a:samba:samba:3.0.16

* cpe:/a:samba:samba:3.0.28a

* cpe:/a:samba:samba:3.0.15

* cpe:/a:samba:samba:3.0.18

* cpe:/a:samba:samba:3.0.17

* cpe:/a:samba:samba:3.0.2

* cpe:/a:samba:samba:3.0.19

* cpe:/a:samba:samba:3.0

* cpe:/a:samba:samba:3.0.1

* cpe:/a:samba:samba:3.0.0

* cpe:/a:samba:samba:3.0.11

* cpe:/a:samba:samba:3.0.10

* cpe:/a:samba:samba:3.0.13

* cpe:/a:samba:samba:3.0.12

* cpe:/a:samba:samba:3.0.23

* cpe:/a:samba:samba:3.0.23a

* cpe:/a:samba:samba:3.0.23b

* cpe:/a:samba:samba:3.0.23c

* cpe:/a:samba:samba:3.0.23d

* cpe:/a:samba:samba:3.0.24

* cpe:/a:samba:samba:3.0.25:pre1

* cpe:/a:samba:samba:3.0.25:pre2

* cpe:/a:samba:samba:3.0.20

* cpe:/a:samba:samba:3.0.20a

* cpe:/a:samba:samba:3.0.20b

* cpe:/a:samba:samba:3.0.21

* cpe:/a:samba:samba:3.0.27

* cpe:/a:samba:samba:3.0.21a

* cpe:/a:samba:samba:3.0.37

* cpe:/a:samba:samba:3.0.21b

* cpe:/a:samba:samba:3.0.21c

* cpe:/a:samba:samba:3.0.35

* cpe:/a:samba:samba:3.0.22

* cpe:/a:samba:samba:3.0.36

* cpe:/a:samba:samba:3.0.9

* cpe:/a:samba:samba:3.0.8

* cpe:/a:samba:samba:3.0.7

* cpe:/a:samba:samba:3.0.6

* cpe:/a:samba:samba:3.0.2a

* cpe:/a:samba:samba:3.0.25:rc3

* cpe:/a:samba:samba:3.0.25:rc2

* cpe:/a:samba:samba:3.0.25:rc1

* cpe:/a:samba:samba:3.0.25

* cpe:/a:samba:samba:3.0.5

* cpe:/a:samba:samba:3.0.25a

* cpe:/a:samba:samba:3.0.4:rc1

* cpe:/a:samba:samba:3.0.25b

* cpe:/a:samba:samba:3.0.4

* cpe:/a:samba:samba:3.0.3

* cpe:/a:samba:samba:3.0.25c

* cpe:/a:samba:samba:3.0.34

* cpe:/a:samba:samba:3.0.32

* cpe:/a:samba:samba:3.0.31

* cpe:/a:samba:samba:3.0.26a

* cpe:/a:samba:samba:3.0.30

* cpe:/a:samba:samba:3.0.26

* cpe:/a:samba:samba:3.0.33

* cpe:/a:samba:samba:3.1

* cpe:/a:samba:samba:3.2.0

* cpe:/a:samba:samba:3.2.14

* cpe:/a:samba:samba:3.2.15

* cpe:/a:samba:samba:3.2.13

* cpe:/a:samba:samba:3.2.5

* cpe:/a:samba:samba:3.2.6

* cpe:/a:samba:samba:3.2.4

* cpe:/a:samba:samba:3.2.3

* cpe:/a:samba:samba:3.2.2

* cpe:/a:samba:samba:3.2.7

* cpe:/a:samba:samba:3.2.1

* cpe:/a:samba:samba:3.2.9

* cpe:/a:samba:samba:3.2.8

* cpe:/a:samba:samba:3.2.10

* cpe:/a:samba:samba:3.2.11

* cpe:/a:samba:samba:3.2

* cpe:/a:samba:samba:3.2.12

* cpe:/a:samba:samba:3.3.9

* cpe:/a:samba:samba:3.3.10

* cpe:/a:samba:samba:3.3.7

* cpe:/a:samba:samba:3.3.8

* cpe:/a:samba:samba:3.3.0

* cpe:/a:samba:samba:3.3.6

* cpe:/a:samba:samba:3.3.2

* cpe:/a:samba:samba:3.3.1

* cpe:/a:samba:samba:3.3.11

* cpe:/a:samba:samba:3.3

* cpe:/a:samba:samba:3.3.5

* cpe:/a:samba:samba:3.3.4

* cpe:/a:samba:samba:3.3.3

* cpe:/a:samba:samba:3.3.12 and previous versions

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Buffer Errors (CWE-119)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2063