CVE-2010-1642

Public Date:: 2010-05-12

Bugzilla:: 594921: CVE-2010-1635, CVE-2010-1642 samba: denial of service vulnerabilities

The MITRE CVE dictionary describes this issue as:

The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

Find out more about CVE-2010-1642 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Red Hat does not consider this to be a security flaw. This issue can cause smbd per-connection child process crash, resulting in the termination of an attacker's connection. Availability of the smb service is not impacted.

Last Modified 2018-05-01T14:24:55+00:00

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

CVE-2010-1642

Statement