
CVE-2013-4124

Status Candidate

Overview

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Related Files

Gentoo Linux Security Advisory 201502-15
Posted Feb 26, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201502-15 - Multiple vulnerabilities have been found in Samba, the worst of which allows a context-dependent attacker to bypass intended file restrictions, cause a Denial of Service or execute arbitrary code. Versions less than 3.6.25 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-6150, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4476, CVE-2013-4496, CVE-2014-0178, CVE-2014-0239, CVE-2014-0244, CVE-2014-3493, CVE-2015-0240
MD5 | ed6680e5a8bdf6ccae7ffd7a0557a2d5

HP Security Bulletin HPSBUX03087 SSRT101413 2
Posted Nov 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03087 SSRT101413 2 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), execution of arbitrary code, or unauthorized access. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2012-6150, CVE-2013-4124, CVE-2013-4408
MD5 | cd81e5796c2cf931df077deee4782d3e

HP Security Bulletin HPSBUX03087 SSRT101413
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03087 SSRT101413 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2012-6150, CVE-2013-4124, CVE-2013-4408
MD5 | ef873f56dff5344e197b5a2df6d3cff1

Red Hat Security Advisory 2014-0305-01
Posted Mar 17, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0305-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
MD5 | 12dc7ea867e1c2cff6d59aad29d1e59f

Red Hat Security Advisory 2013-1543-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1543-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. An integer overflow flaw was found in the way Samba handled an Extended Attribute list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. Note: This issue did not affect the default configuration of the Samba server.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2013-4124
MD5 | ce7b3ef4d0982fae4e1fac3cca96abf9

Red Hat Security Advisory 2013-1542-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1542-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
MD5 | 6a7383ebdc759a888e2d5c08af123088

Red Hat Security Advisory 2013-1310-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1310-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. A flaw was found in the Cross-Site Request Forgery protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user.

tags | advisory, remote, web, protocol, csrf
systems | linux, redhat
advisories | CVE-2013-0213, CVE-2013-0214, CVE-2013-4124
MD5 | dffe8b1421cf3599761ed01211221249

Ubuntu Security Notice USN-1966-1
Posted Sep 24, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1966-1 - Jeremy Allison discovered that Samba incorrectly handled certain extended attribute lists. A remote attacker could use this issue to cause Samba to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4124
MD5 | 598d2b03f5b040871ca8c1e350074129

Samba nttrans Denial Of Service
Posted Aug 23, 2013
Authored by x90c

Samba malformed nttrans smb packet remote denial of service exploit. This is the second version of this exploit that adds an automated offset and second argument.

tags | exploit, remote, denial of service
advisories | CVE-2013-4124
MD5 | b79361919f1960c55e71a2fbbc77d6fb

Samba Remote Denial Of Service
Posted Aug 21, 2013
Authored by x90c

Samba malformed nttrans smb packet remote denial of service exploit.

tags | exploit, remote, denial of service
advisories | CVE-2013-4124
MD5 | 113373cd7b0372c4f7190e40014c7627

Samba nttrans Replay Integer Overflow
Posted Aug 21, 2013
Authored by x90c

This is a brief paper detailing the Samba nttrans reply integer overflow vulnerability.

tags | paper, overflow
advisories | CVE-2013-4124
MD5 | 2dd13b92c134e4d1285d33a405573e06

Mandriva Linux Security Advisory 2013-207
Posted Aug 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-207 - Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service via a malformed packet. The updated packages for Enterprise Server 5.2 have been patched to correct this issue. The updated packages for Business Server 1 have been upgraded to the 3.6.17 version, which resolves many upstream bugs and is not vulnerable to this issue. Additionally, the libtevent packages are being provided, which are a requirement since samba 3.6.16.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2013-4124
MD5 | 610557b99cfa511357a8efe60fd5f0d7

Slackware Security Advisory - samba Updates
Posted Aug 7, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New samba packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-4124.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-4124
MD5 | 8626400fb0ab3a9acbd3a3112998776a
© 2016 Packet Storm. All rights reserved.