Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-1635

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

Related bugs and status

CVE-2010-1635 (Candidate) is related to these bugs:

Bug #932239: Multiple Samba security vulnerabilities

Summary				In	Importance	Status
	932239	Multiple Samba security vulnerabilities		samba (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://www.vupen.com/e...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://git.samba.org/?...
MISC: http://samba.org/samba...
MISC: http://samba.org/samba...
MISC: http://security-tracke...
MISC: http://www.stratsec.ne...
MISC: https://bugzilla.samba...