Vulnerability Details : CVE-2010-2063
Public exploit exists!
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-2063
Probability of exploitation activity in the next 30 days: 97.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-2063
-
Samba chain_reply Memory Corruption (Linux x86)
Disclosure Date: 2010-06-16First seen: 2020-04-26exploit/linux/samba/chain_replyThis exploits a memory corruption vulnerability present in Samba versions prior to 3.3.13. When handling chained response packets, Samba fails to validate the offset value used when building the next part. By setting this value to a number larger than the destinati
CVSS scores for CVE-2010-2063
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2010-2063
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2063
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:119
mandriva.comThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/3063
Webmail | OVH- OVHPermissions Required
-
http://www.samba.org/samba/ftp/patches/security/samba-3.0.37-CVE-2010-2063.patch
Patch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2010/1507
Webmail | OVH- OVHPermissions Required
-
http://www.vupen.com/english/advisories/2010/1517
Webmail | OVH- OVHPermissions Required
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9859
Repository / Oval RepositoryThird Party Advisory
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873
Broken Link
-
http://www.samba.org/samba/ftp/history/samba-3.3.13.html
Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/59481
Samba SMB1 packet code execution CVE-2010-1168 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=130835366526620&w=2
'[security bulletin] HPSBUX02657 SSRT100460 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrar' - MARCMailing List;Third Party Advisory
-
http://www.vupen.com/english/advisories/2010/1486
Webmail | OVH- OVHPermissions Required
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12427
Repository / Oval RepositoryThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7115
Repository / Oval RepositoryThird Party Advisory
-
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://www.samba.org/samba/ftp/patches/security/samba-3.3.12-CVE-2010-2063.patch
Patch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2010/1505
Webmail | OVH- OVHPermissions Required
-
http://www.securitytracker.com/id?1024107
Samba SMB1 Packet Chaining Memory Corruption Error Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.redhat.com/support/errata/RHSA-2010-0488.html
SupportThird Party Advisory
-
http://support.apple.com/kb/HT4312
About Security Update 2010-005 - Apple SupportThird Party Advisory
-
http://www.securityfocus.com/bid/40884
Samba 'SMB1 Packet Chaining' Unspecified Remote Memory Corruption VulnerabilityThird Party Advisory;VDB Entry
-
http://marc.info/?l=bugtraq&m=129138831608422&w=2
'[security bulletin] HPSBUX02609 SSRT100147 rev.1 - CIFS Server (Samba), Remote Execution of Arbitrar' - MARCMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2010:014Mailing List;Third Party Advisory
-
http://www.debian.org/security/2010/dsa-2061
Debian -- Security Information -- DSA-2061-1 sambaThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/1504
Webmail | OVH- OVHPermissions Required
-
http://ubuntu.com/usn/usn-951-1
USN-951-1: Samba vulnerability | Ubuntu security noticesThird Party Advisory
-
http://www.samba.org/samba/security/CVE-2010-2063.html
Vendor Advisory
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914
The Slackware Linux Project: Slackware Security AdvisoriesMailing List;Third Party Advisory
-
http://marc.info/?l=samba-announce&m=127668712312761&w=2
'Samba 3.3.13 Security Release Available for Download' - MARCMailing List;Patch;Third Party Advisory
Products affected by CVE-2010-2063
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*