Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
Max CVSS
7.5
EPSS Score
91.49%
Published
2010-09-15
Updated
2023-02-13
CVE-2010-2063
Public exploit
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
Max CVSS
7.5
EPSS Score
97.18%
Published
2010-06-17
Updated
2023-02-13
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.
Max CVSS
5.0
EPSS Score
41.21%
Published
2010-06-17
Updated
2023-02-13
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.
Max CVSS
5.0
EPSS Score
44.45%
Published
2010-06-17
Updated
2023-02-13
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string.
Max CVSS
2.1
EPSS Score
0.06%
Published
2010-02-04
Updated
2013-04-19
5 vulnerabilities found