Bug 601419 (CVE-2010-2063) - CVE-2010-2063 samba: memory corruption vulnerability
Summary: CVE-2010-2063 samba: memory corruption vulnerability
Alias: CVE-2010-2063
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 602317 602318 602319 602320 602321 602322 602323 602652 602655 602656
Reported: 2010-06-07 22:02 UTC by Vincent Danen
Modified: 2021-02-24 23:01 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-07-08 16:22:20 UTC


Linked errata:
System: Red Hat Product Errata | ID: RHSA-2010:0488 | Priority: normal | Status: SHIPPED_LIVE | Summary: Critical: samba and samba3x security update | Last Updated: 2010-06-16 21:36:09 UTC

Description Vincent Danen 2010-06-07 22:02:08 UTC
A memory corruption vulnerability exists in the chain_reply() function in Samba 3.3.12 and earlier. Samba 3.4.x and later are not affected. This flaw could allow a remote, unauthenticated attacker to crash the samba server or, possibly, execute arbitrary code with the privileges of the samba server.


Red Hat would like to thank the Samba team for responsibly reporting this issue. Upstream acknowledges Jun Mao as the original reporter.

Comment 9 Josh Bressers 2010-06-16 13:55:29 UTC
This is now public:

Comment 10 errata-xmlrpc 2010-06-16 21:36:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 5.3.Z - Server Only
  Red Hat Enterprise Linux 5.4.Z - Server Only
  Red Hat Enterprise Linux 4.7 Z Stream

Via RHSA-2010:0488 https://rhn.redhat.com/errata/RHSA-2010-0488.html
