Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2013-4124

Disclosure Date: August 06, 2013
CVE-2013-4124
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
auxiliary/dos/samba/read_nttrans_ea_list
Reporter
Unknown

Vendors

Products

References

Canonical
CVE-2013-4124 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124)
Advisory
HPSBUX03087 (http://marc.info?l=bugtraq&m=141660010015249&w=2)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html
FEDORA-2014-9132 (http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html)
http://www.samba.org/samba/security/CVE-2013-4124
FEDORA-2013-14312 (http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591.html)
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html
20130806 [slackware-security] samba (SSA:2013-218-03) (http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html)
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/history/samba-3.6.17.html
USN-1966-1 (http://www.ubuntu.com/usn/USN-1966-1)
GLSA-201502-15 (http://security.gentoo.org/glsa/glsa-201502-15.xml)
SECTRACK-1028882 (http://www.securitytracker.com/id/1028882)
http://rhn.redhat.com/errata/RHSA-2014-0305.html
http://www.samba.org/samba/history/samba-3.5.22.html
XF-samba-cve20134121-dos(86185) (https://exchange.xforce.ibmcloud.com/vulnerabilities/86185)
http://www.mandriva.com/security/advisories?name=MDVSA-2013:207
https://bugzilla.redhat.com/show_bug.cgi?id=984401
FEDORA-2013-14355 (http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011.html)
SECUNIA-54519 (http://secunia.com/advisories/54519)
http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch
http://rhn.redhat.com/errata/RHSA-2013-1542.html
OSVDB-95969 (http://osvdb.org/95969)
http://rhn.redhat.com/errata/RHSA-2013-1543.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis