CVE-2010-1642

Name of the Vulnerable Software and Affected Versions Samba versions prior to 3.4.8 Samba versions 3.5.x prior to 3.5.2

Description The issue allows remote attackers to trigger an out-of-bounds read and cause a denial of service via a Session Setup AndX request with a specific security blob length, such as xffxff. Multiple vulnerabilities in the Samba package may lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Samba versions prior to 3.4.8, update to version 3.4.8 or later. For Samba versions 3.5.x prior to 3.5.2, update to version 3.5.2 or later. As a temporary workaround, consider restricting access to the reply sesssetup and X spnego function in sesssetup.c until a patch is available.