FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- denial of service vulnerability

Affected packages
0 < samba34
0 < samba35
3.6.* < samba36 < 3.6.17
4.0.* < samba4 < 4.0.8

Details

VuXML ID e21c7c7a-0116-11e3-9e83-3c970e169bc2
Discovery 2013-08-05
Entry 2013-08-09
Modified 2013-08-09

The Samba project reports:

All current released versions of Samba are vulnerable to a denial of service on an authenticated or guest connection. A malformed packet can cause the smbd server to loop the CPU performing memory allocations and preventing any further service.

A connection to a file share, or a local account, is needed to exploit this problem, either authenticated or unauthenticated if guest connections are allowed.

References

CVE Name CVE-2013-4124
URL http://www.samba.org/samba/security/CVE-2013-4124