CVE-2010-1635

Name of the Vulnerable Software and Affected Versions Samba versions prior to 3.4.8 Samba versions 3.5.x prior to 3.5.2 Samba versions prior to 3.5.15

Description The issue allows remote attackers to cause a denial of service, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be achieved through specific requests, including a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The chain reply function in process.c in smbd is specifically vulnerable.

Recommendations For Samba versions prior to 3.4.8, update to version 3.4.8 or later. For Samba versions 3.5.x prior to 3.5.2, update to version 3.5.2 or later. For Samba versions prior to 3.5.15, update to version 3.5.15 or later. As a temporary workaround, consider restricting access to the chain reply function in process.c until a patch is available.