CVE-2013-4124

Published: 06/08/2013 Updated: 30/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x prior to 3.5.22, 3.6.x prior to 3.6.17, and 4.x prior to 4.0.8 allows remote malicious users to cause a denial of service (memory consumption) via a malformed packet.

Vulnerable Product

canonical ubuntu linux 13.04

canonical ubuntu linux 12.10

canonical ubuntu linux 10.04

canonical ubuntu linux 12.04

redhat enterprise linux 5

fedoraproject fedora 18

fedoraproject fedora 19

samba samba 4.0.0

samba samba 4.0.1

samba samba 3.6.1

samba samba 3.6.10

samba samba 3.6.6

samba samba 3.6.7

samba samba 3.0.13

samba samba 3.0.14

samba samba 3.0.19

samba samba 3.0.2

samba samba 3.0.21

samba samba 3.0.23

samba samba 3.0.24

samba samba 3.0.25

samba samba 3.0.25a

samba samba 3.0.27

samba samba 3.0.28

samba samba 3.0.32

samba samba 3.0.33

samba samba 3.0.5

samba samba 3.0.6

samba samba 3.0.7

samba samba 3.2.11

samba samba 3.2.12

samba samba 3.2.5

samba samba 3.2.6

samba samba 3.3.12

samba samba 3.3.13

samba samba 3.3.5

samba samba 3.3.6

samba samba 3.4.11

samba samba 3.4.12

samba samba 3.4.4

samba samba 3.4.5

samba samba 3.5.10

samba samba 3.5.11

samba samba 3.5.18

samba samba 3.5.19

samba samba 4.0.3

samba samba 4.0.4

samba samba 3.6.14

samba samba 3.6.15

samba samba 3.6.2

samba samba 3.6.3

samba samba 3.0.0

samba samba 3.0.1

samba samba 3.0.10

samba samba 3.0.15

samba samba 3.0.16

samba samba 3.0.20

samba samba 3.0.21b

samba samba 3.0.21c

samba samba 3.0.23a

samba samba 3.0.23b

samba samba 3.0.26

samba samba 3.0.2a

samba samba 3.0.3

samba samba 3.0.36

samba samba 3.0.37

samba samba 3.1.0

samba samba 3.2.0

samba samba 3.2.15

samba samba 3.2.2

samba samba 3.2.9

samba samba 3.3.0

samba samba 3.3.16

samba samba 3.3.2

samba samba 3.3.9

samba samba 3.4.0

samba samba 3.4.15

samba samba 3.4.16

samba samba 3.4.17

samba samba 3.4.8

samba samba 3.4.9

samba samba 3.5.14

samba samba 3.5.15

samba samba 4.0.2

samba samba 3.6.13

samba samba 3.6.11

samba samba 3.6.12

samba samba 3.6.8

samba samba 3.6.9

samba samba 3.0.14a

samba samba 3.0.21a

samba samba 3.0.25b

samba samba 3.0.25c

samba samba 3.0.29

samba samba 3.0.34

samba samba 3.0.35

samba samba 3.0.8

samba samba 3.0.9

samba samba 3.2.13

samba samba 3.2.14

samba samba 3.2.7

samba samba 3.2.8

samba samba 3.3.14

samba samba 3.3.15

samba samba 3.3.7

samba samba 3.3.8

samba samba 3.4.13

samba samba 3.4.14

samba samba 3.4.6

samba samba 3.4.7

samba samba 3.5.12

samba samba 3.5.13

samba samba 3.5.2

samba samba 3.5.20

samba samba 3.5.21

samba samba 4.0.5

samba samba 4.0.6

samba samba 4.0.7

samba samba 3.6.16

samba samba 3.6.0

samba samba 3.6.4

samba samba 3.6.5

samba samba 3.0.11

samba samba 3.0.12

samba samba 3.0.17

samba samba 3.0.18

samba samba 3.0.20a

samba samba 3.0.20b

samba samba 3.0.22

samba samba 3.0.23c

samba samba 3.0.23d

samba samba 3.0.26a

samba samba 3.0.30

samba samba 3.0.31

samba samba 3.0.4

samba samba 3.2.1

samba samba 3.2.10

samba samba 3.2.3

samba samba 3.2.4

samba samba 3.3.1

samba samba 3.3.10

samba samba 3.3.11

samba samba 3.3.3

samba samba 3.3.4

samba samba 3.4.1

samba samba 3.4.10

samba samba 3.4.2

samba samba 3.4.3

samba samba 3.5.0

samba samba 3.5.1

samba samba 3.5.16

samba samba 3.5.17

opensuse opensuse 12.2

opensuse opensuse 12.3

Vendor Advisories

Samba could be made to hang if it received specially crafted network traffic ...
Synopsis: Moderate: samba3x security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated samba3x packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate securi ...
Synopsis: Moderate: samba4 security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: Updated samba4 packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact ...
Synopsis: Moderate: samba security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated samba packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this up ...
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet ...

Exploits

Exploitation: samba nttrans reply integer overflow ...
Samba malformed nttrans smb packet remote denial of service exploit ...
Samba malformed nttrans smb packet remote denial of service exploit This is the second version of this exploit that adds an automated offset and second argument ...