CVE-2013-4124

Name of the Vulnerable Software and Affected Versions Samba versions prior to 3.5.22 Samba versions prior to 3.6.17 Samba versions prior to 4.0.8 Samba-client versions prior to 3.0.33 Samba-common versions prior to 3.0.33 libsmbclient versions prior to 3.0.33 libwbclient versions prior to 3.0.33

Description The issue is related to an integer overflow in the read nttrans ea list function in nttrans.c in smbd in Samba. This can be exploited by remote attackers to cause a denial of service (memory consumption) via a malformed packet. The vulnerability can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely.

Recommendations For Samba versions prior to 3.5.22, update to version 3.5.22 or later. For Samba versions prior to 3.6.17, update to version 3.6.17 or later. For Samba versions prior to 4.0.8, update to version 4.0.8 or later. For Samba-client versions prior to 3.0.33, update to version 3.0.33 or later. For Samba-common versions prior to 3.0.33, update to version 3.0.33 or later. For libsmbclient versions prior to 3.0.33, update to version 3.0.33 or later. For libwbclient versions prior to 3.0.33, update to version 3.0.33 or later. As a temporary workaround, consider restricting access to the read nttrans ea list function until a patch is available.