Vulnerability Details : CVE-2010-3069
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-3069
Probability of exploitation activity in the next 30 days: 91.49%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3069
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2010-3069
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3069
-
http://support.apple.com/kb/HT4581
About the security content of Mac OS X v10.6.7 and Security Update 2011-001 - Apple SupportThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:018Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html
[SECURITY] Fedora 12 Update: samba-3.4.9-60.fc12Mailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2011/0091
Webmail | OVH- OVHPermissions Required
-
http://marc.info/?l=bugtraq&m=130835366526620&w=2
'[security bulletin] HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrar' - MARCMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:019Mailing List;Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html
[SECURITY] Fedora 14 Update: samba-3.5.5-68.fc14Mailing List;Third Party Advisory
-
http://www.securitytracker.com/id?1024434
Samba Buffer Overflow in sid_parse() Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://support.apple.com/kb/HT4723
About the security content of Mac OS X v10.6.8 and Security Update 2011-004 - Apple SupportThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/3126
Webmail | OVH- OVHPermissions Required
-
http://www.securityfocus.com/bid/43212
Samba SID Parsing Remote Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/61773
Samba sid_parse() buffer overflow CVE-2010-3069 Vulnerability ReportVDB Entry
-
http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-987-1
USN-987-1: Samba vulnerability | Ubuntu security noticesThird Party Advisory
-
http://us1.samba.org/samba/history/samba-3.5.5.html
Vendor Advisory
-
http://www.vupen.com/english/advisories/2010/2378
Webmail | OVH- OVHPermissions Required
-
http://www.vmware.com/security/advisories/VMSA-2010-0019.html
VMSA-2010-0019.3Permissions Required;Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0860.html
SupportThird Party Advisory
-
http://www.securityfocus.com/archive/1/515055/100/0/threaded
SecurityFocusThird Party Advisory;VDB Entry
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html
[SECURITY] Fedora 13 Update: samba-3.5.5-68.fc13Mailing List;Third Party Advisory
-
http://us1.samba.org/samba/security/CVE-2010-3069.html
Vendor Advisory
Products affected by CVE-2010-3069
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*