CVE-2010-2063

Name of the Vulnerable Software and Affected Versions samba versions prior to 3.5.15 samba3x-client version 3.3.8 samba3x-common version 3.3.8 samba3x-domainjoin-gui version 3.3.8 samba3x-doc version 3.3.8 samba3x-swat version 3.3.8 samba3x-winbind version 3.3.8 samba3x-winbind-devel version 3.3.8 libtalloc1 version 1.2.0 libtalloc1-32bit version 1.2.0 libtalloc1-64bit version 1.2.0 libtalloc1-x86 version 1.2.0 libtdb version 1.1.2 libtdb1-64bit version 1.1.2 libsmbclient version prior to 3.5.15 libsmbclient0-64bit version prior to 3.5.15 libsmbclient-x86 version prior to 3.5.15 libmsrpc version prior to 3.5.15 libmsrpc-devel version prior to 3.5.15 libsmbsharemodes version prior to 3.5.15 libwbclient0-64bit version prior to 3.5.15 cifs-mount version prior to 3.5.15 samba-pdb version prior to 3.5.15 samba-python version prior to 3.5.15 samba-vscan version prior to 3.5.15 samba-winbind-64bit version prior to 3.5.15

Description The issue is related to multiple vulnerabilities in the samba package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The vulnerabilities are caused by a buffer overflow in the SMB1 packet chaining implementation in the chain reply function in process.c in smbd in Samba 3.0.x before 3.3.13, allowing remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.

Recommendations For samba versions prior to 3.5.15, update to version 3.5.15 or later. For samba3x-client version 3.3.8, update to a newer version that contains a fix for this vulnerability. For samba3x-common version 3.3.8, update to a newer version that contains a fix for this vulnerability. For samba3x-domainjoin-gui version 3.3.8, update to a newer version that contains a fix for this vulnerability. For samba3x-doc version 3.3.8, update to a newer version that contains a fix for this vulnerability. For samba3x-swat version 3.3.8, update to a newer version that contains a fix for this vulnerability. For samba3x-winbind version 3.3.8, update to a newer version that contains a fix for this vulnerability. For samba3x-winbind-devel version 3.3.8, update to a newer version that contains a fix for this vulnerability. For libtalloc1 version 1.2.0, update to a newer version that contains a fix for this vulnerability. For libtalloc1-32bit version 1.2.0, update to a newer version that contains a fix for this vulnerability. For libtalloc1-64bit version 1.2.0, update to a newer version that contains a fix for this vulnerability. For libtalloc1-x86 version 1.2.0, update to a newer version that contains a fix for this vulnerability. For libtdb version 1.1.2, update to a newer version that contains a fix for this vulnerability. For libtdb1-64bit version 1.1.2, update to a newer version that contains a fix for this vulnerability. For libsmbclient version prior to 3.5.15, update to version 3.5.15 or later. For libsmbclient0-64bit version prior to 3.5.15, update to version 3.5.15 or later. For libsmbclient-x86 version prior to 3.5.15, update to version 3.5.15 or later. For libmsrpc version prior to 3.5.15, update to version 3.5.15 or later. For libmsrpc-devel version prior to 3.5.15, update to version 3.5.15 or later. For libsmbsharemodes version prior to 3.5.15, update to version 3.5.15 or later. For libwbclient0-64bit version prior to 3.5.15, update to version 3.5.15 or later. For cifs-mount version prior to 3.5.15, update to version 3.5.15 or later. For samba-pdb version prior to 3.5.15, update to version 3.5.15 or later. For samba-python version prior to 3.5.15, update to version 3.5.15 or later. For samba-vscan version prior to 3.5.15, update to version 3.5.15 or later. For samba-winbind-64bit version prior to 3.5.15, update to version 3.5.15 or later. As a temporary workaround, consider disabling the vulnerable components until a patch is available.