CVE-2013-4124
Published: 5 August 2013
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Priority
Status
Package | Release | Status |
---|---|---|
samba (Launchpad, Ubuntu, Debian) | vivid | Not vulnerable (2:3.6.18-1ubuntu2) |
 | lucid | Released (2:3.4.7~dfsg-1ubuntu3.12) |
 | precise | Released (2:3.6.3-2ubuntu2.8) |
 | quantal | Released (2:3.6.6-3ubuntu5.2) |
 | raring | Released (2:3.6.9-1ubuntu1.1) |
 | saucy | Not vulnerable (2:3.6.18-1ubuntu2) |
 | trusty | Not vulnerable (2:3.6.18-1ubuntu2) |
 | upstream | Released (3.5.22,3.6.17) |
 | utopic | Not vulnerable (2:3.6.18-1ubuntu2) |
 | wily | Not vulnerable (2:3.6.18-1ubuntu2) |
 | xenial | Not vulnerable (2:3.6.18-1ubuntu2) |
 | yakkety | Not vulnerable (2:3.6.18-1ubuntu2) |
 | zesty | Not vulnerable (2:3.6.18-1ubuntu2) |
 | Patches | upstream: http://gitweb.samba.org/?p=samba.git;a=commit;h=6ef0e33fe8afa0ebb81652b9d42b42d20efadf04 (3.5.x) |
 | | upstream: http://gitweb.samba.org/?p=samba.git;a=commit;h=efdbcabbe97a594572d71d714d258a5854c5d8ce (3.6.x) |
samba4 (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
 | precise | Ignored (end of life) |
 | quantal | Ignored (end of life) |
 | raring | Ignored (end of life) |
 | saucy | Ignored (end of life) |
 | trusty | Does not exist |
 | upstream | Released (4.0.8) |
 | utopic | Does not exist |
 | vivid | Does not exist |
 | wily | Does not exist |
 | xenial | Does not exist |
 | yakkety | Does not exist |
 | zesty | Does not exist |
 | Patches | upstream: http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124
- http://www.samba.org/samba/history/samba-3.5.22.html
- http://www.samba.org/samba/history/samba-3.6.17.html
- http://www.samba.org/samba/history/samba-4.0.8.html
- http://www.samba.org/samba/security/CVE-2013-4124
- https://ubuntu.com/security/notices/USN-1966-1
- https://ubuntu.com/security/notices/USN-1996-1
- NVD
- Launchpad
- Debian