CVE-2010-1635

Related Files

Gentoo Linux Security Advisory 201206-22

Posted Jun 24, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-22 - Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges. Versions less than 3.5.15 are affected.

tags | advisory, arbitrary, root, vulnerability

systems | linux, gentoo

advisories | CVE-2009-2906, CVE-2009-2948, CVE-2010-0728, CVE-2010-1635, CVE-2010-1642, CVE-2010-2063, CVE-2010-3069, CVE-2011-0719, CVE-2011-1678, CVE-2011-2724, CVE-2012-0870, CVE-2012-1182, CVE-2012-2111

SHA-256 | 3a8fd8a24a3985683e4babf848739763a038475b7f8effd578be0119268b2f7f

Download | Favorite | View

Mandriva Linux Security Advisory 2010-141

Posted Jul 28, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \\xff\\xff security blob length in a Session Setup AndX request. The updated packages provides samba 3.4.8 which is not vulnerable to these issues.

tags | advisory, remote, denial of service, protocol

systems | linux, mandriva

advisories | CVE-2010-1635, CVE-2010-1642

SHA-256 | 7ee6ee198ea7396983a1a87bc200592fcb2964ad00adfeb360b908b1b52b81e4

Download | Favorite | View