exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

CVE-2010-2063

Status Candidate

Overview

Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

Related Files

Gentoo Linux Security Advisory 201206-22
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-22 - Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges. Versions less than 3.5.15 are affected.

tags | advisory, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2906, CVE-2009-2948, CVE-2010-0728, CVE-2010-1635, CVE-2010-1642, CVE-2010-2063, CVE-2010-3069, CVE-2011-0719, CVE-2011-1678, CVE-2011-2724, CVE-2012-0870, CVE-2012-1182, CVE-2012-2111
MD5 | d09ac67d577b9ebfc89bc15fa631a991
HP Security Bulletin HPSBUX02657 SSRT100460 1
Posted Jun 18, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02657 SSRT100460 1 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2010-2063, CVE-2010-3069, CVE-2011-0719
MD5 | 8a2837b887eb10cd9cfa9a1de141c144
HP Security Bulletin HPSBUX02609 SSRT100147
Posted Dec 3, 2010
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02609 SSRT100147 - A potential security vulnerability has been identified with HP-UX CIFS-Server (Samba). The vulnerability could be exploited remotely to execute arbitrary code or create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary
systems | hpux
advisories | CVE-2010-2063
MD5 | 8a5d53362583b558cf16b1f3a82be361
VMware Security Advisory 2010-0013
Posted Sep 1, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.

tags | advisory, perl
advisories | CVE-2005-4268, CVE-2010-0624, CVE-2010-0624, CVE-2010-2063, CVE-2010-1321, CVE-2010-1168, CVE-2010-1447
MD5 | b09485d6be1c4762b45d7696cf3e5929
Samba chain_reply Memory Corruption (Linux x86)
Posted Jul 17, 2010
Authored by jduck | Site metasploit.com

This exploits a memory corruption vulnerability present in Samba versions prior to 3.3.13. When handling chained response packets, Samba fails to validate the offset value used when building the next part. By setting this value to a number larger than the destination buffer size, an attacker can corrupt memory. Additionally, setting this value to a value smaller than 'smb_wct' (0x24) will cause the header of the input buffer chunk to be corrupted. After close inspection, it appears that 3.0.x versions of Samba are not exploitable. Since they use an "InputBuffer" size of 0x20441, an attacker cannot cause memory to be corrupted in an exploitable way. It is possible to corrupt the heap header of the "InputBuffer", but it didn't seem possible to get the chunk to be processed again prior to process exit. In order to gain code execution, this exploit attempts to overwrite a "talloc chunk" destructor function pointer. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the nx memory protection. NOTE: It is possible to make exploitation attempts indefinitely since Samba forks for user sessions in the default configuration.

tags | exploit, x86, code execution
systems | linux
advisories | CVE-2010-2063
MD5 | 8062b52a5590ee932de029a55d8641fb
Mandriva Linux Security Advisory 2010-119
Posted Jun 18, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-119 - Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2063
MD5 | d0ea75c4056e70509c7375dc049bc3ae
Debian Linux Security Advisory 2061-1
Posted Jun 18, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2061-1 - Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon.

tags | advisory, denial of service, arbitrary, root, protocol
systems | linux, unix, debian
advisories | CVE-2010-2063
MD5 | e31a2d8b3aecbc78a2df0e9cddf4eeb4
iDEFENSE Security Advisory 2010-06-16.1
Posted Jun 17, 2010
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 06.16.10 - Remote exploitation of a buffer overflow vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with root privileges. This vulnerability exists in a certain function within Samba, where an attacker could trigger a memory corruption by sending specially crafted SMB requests resulting in heap memory overwritten with attacker supplied data, which can allow attackers to execute code remotely. iDefense has confirmed the existence of this vulnerability in Samba version 3.3.12. Previous versions are suspected to be affected.Samba 3.4.0 and newer versions rewrite the whole logic of the vulnerable function and thus are not affected by this vulnerability.

tags | advisory, remote, overflow, arbitrary, root
advisories | CVE-2010-2063
MD5 | 1ac7daf5c2141d73ad63765f345b0b14
Ubuntu Security Notice 951-1
Posted Jun 17, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 951-1 - Jun Mao discovered that Samba did not correctly validate SMB1 packet contents. An unauthenticated remote attacker could send specially crafted network traffic that could execute arbitrary code as the root user.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2010-2063
MD5 | e7c5760ff6c895e883874ca021a78f16
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    19 Files
  • 28
    Oct 28th
    29 Files
  • 29
    Oct 29th
    13 Files
  • 30
    Oct 30th
    8 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close