CVE Database


Impact: None
Public: 2010-05-12
Bugzilla: 594921: CVE-2010-1635, CVE-2010-1642 samba: denial of service vulnerabilities


The MITRE CVE dictionary describes this issue as:

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

Find out more about CVE-2010-1642 from the MITRE CVE dictionary and NIST NVD.


Red Hat does not consider this to be a security flaw. This issue can cause the per-connection smbd child process to crash, which terminates only the attacker's own connection. Availability of the smb service is not impacted.

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.