CVE-2013-4124
MEDIUM severity · CVSS 5 · CWE-189
5CVSS MEDIUM
Summary
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impactNone
Integrity impactNone
Availability impact—
Exploit probability (EPSS)69%
AV:N/AC:L/Au:N/C:N/I:N/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch ↗
Additional information
- NVD record
- http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patchPatch
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.htmlAdvisory
- http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.htmlAdvisory
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.htmlAdvisory
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
- http://marc.info/?l=bugtraq&m=141660010015249&w=2