CVE-2010-3069

HIGH

Description

Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

References

http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://marc.info/?l=bugtraq&m=130835366526620&w=2

http://secunia.com/advisories/41354

http://secunia.com/advisories/41447

http://secunia.com/advisories/42531

http://secunia.com/advisories/42885

http://support.apple.com/kb/HT4581

http://support.apple.com/kb/HT4723

http://us1.samba.org/samba/history/samba-3.5.5.html

http://us1.samba.org/samba/security/CVE-2010-3069.html

http://www.redhat.com/support/errata/RHSA-2010-0860.html

http://www.securityfocus.com/archive/1/515055/100/0/threaded

http://www.securityfocus.com/bid/43212

http://www.securitytracker.com/id?1024434

http://www.ubuntu.com/usn/USN-987-1

http://www.vmware.com/security/advisories/VMSA-2010-0019.html

http://www.vupen.com/english/advisories/2010/2378

http://www.vupen.com/english/advisories/2010/3126

http://www.vupen.com/english/advisories/2011/0091

https://exchange.xforce.ibmcloud.com/vulnerabilities/61773

Details

Source: MITRE

Published: 2010-09-15

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:1.9.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.17:p1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.17:p2:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.17:p3:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.17:p4:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.17:p5:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p10:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p2:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p3:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p4:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p5:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p6:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p7:*:*:*:*:*:*

cpe:2.3:a:samba:samba:1.9.18:p8:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.18.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.27a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.28:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.28a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.34:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.35:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.36:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.37:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.13:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.14:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.2.15:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.3.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* versions up to 3.5.4 (inclusive)

Tenable Plugins

35 total

ID     | Name                                                                                              | Product                 | Family                                | Severity
108085 | Solaris 10 (x86) : 146364-01                                                                      | Nessus                  | Solaris Local Security Checks         | high
107590 | Solaris 10 (sparc) : 146363-01                                                                    | Nessus                  | Solaris Local Security Checks         | high
89745  | VMware ESX Multiple Vulnerabilities (VMSA-2010-0019) (remote check)                               | Nessus                  | VMware ESX Local Security Checks      | high
75568  | openSUSE Security Update : ldapsmb (openSUSE-SU-2010:0653-1)                                      | Nessus                  | SuSE Local Security Checks            | high
68138  | Oracle Linux 6 : samba (ELSA-2010-0860)                                                           | Nessus                  | Oracle Linux Local Security Checks    | high
68101  | Oracle Linux 5 : samba3x (ELSA-2010-0698)                                                         | Nessus                  | Oracle Linux Local Security Checks    | high
68100  | Oracle Linux 3 / 4 / 5 : samba (ELSA-2010-0697)                                                   | Nessus                  | Oracle Linux Local Security Checks    | high
60897  | Scientific Linux Security Update : samba on SL6.x i386/x86_64                                     | Nessus                  | Scientific Linux Local Security Checks | high
60857  | Scientific Linux Security Update : samba on SL3.x, SL4.x, SL5.x i386/x86_64                       | Nessus                  | Scientific Linux Local Security Checks | high
60856  | Scientific Linux Security Update : samba3x on SL5.x i386/x86_64                                   | Nessus                  | Scientific Linux Local Security Checks | high
59675  | GLSA-201206-22 : Samba: Multiple vulnerabilities                                                  | Nessus                  | Gentoo Local Security Checks          | critical
55415  | Mac OS X Multiple Vulnerabilities (Security Update 2011-004)                                      | Nessus                  | MacOS X Local Security Checks         | high
52754  | Mac OS X 10.6.x < 10.6.7 Multiple Vulnerabilities                                                 | Nessus                  | MacOS X Local Security Checks         | high
800796 | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities                                                   | Log Correlation Engine  | Operating System Detection            | high
5826   | Mac OS X 10.6 < 10.6.7 Multiple Vulnerabilities                                                   | Nessus Network Monitor  | Generic                               | critical
51077  | VMSA-2010-0019 : VMware ESX third-party updates for Service Console                               | Nessus                  | VMware ESX Local Security Checks      | high
50895  | SuSE 11 / 11.1 Security Update : Samba (SAT Patch Numbers 3099 / 3100)                            | Nessus                  | SuSE Local Security Checks            | high
50632  | RHEL 6 : samba (RHSA-2010:0860)                                                                   | Nessus                  | Red Hat Local Security Checks         | high
49836  | SuSE 10 Security Update : Samba (ZYPP Patch Number 7151)                                          | Nessus                  | SuSE Local Security Checks            | high
49759  | SuSE9 Security Update : Samba (YOU Patch Number 12644)                                            | Nessus                  | SuSE Local Security Checks            | high
49670  | openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0659-1)                                   | Nessus                  | SuSE Local Security Checks            | high
49667  | openSUSE Security Update : cifs-mount (openSUSE-SU-2010:0658-1)                                   | Nessus                  | SuSE Local Security Checks            | high
49275  | Debian DSA-2109-1 : samba - buffer overflow                                                       | Nessus                  | Debian Local Security Checks          | high
49263  | Mandriva Linux Security Advisory : samba (MDVSA-2010:184)                                         | Nessus                  | Mandriva Local Security Checks        | high
49262  | CentOS 5 : samba3x (CESA-2010:0698)                                                               | Nessus                  | CentOS Local Security Checks          | high
49261  | CentOS 3 / 4 / 5 : samba (CESA-2010:0697)                                                         | Nessus                  | CentOS Local Security Checks          | high
49249  | Fedora 14 : samba-3.5.5-68.fc14 (2010-14768)                                                      | Nessus                  | Fedora Local Security Checks          | high
49248  | Fedora 12 : samba-3.4.9-60.fc12 (2010-14678)                                                      | Nessus                  | Fedora Local Security Checks          | high
49247  | Fedora 13 : samba-3.5.5-68.fc13 (2010-14627)                                                      | Nessus                  | Fedora Local Security Checks          | high
49236  | Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : samba vulnerability (USN-987-1)            | Nessus                  | Ubuntu Local Security Checks          | high
49233  | RHEL 5 : samba3x (RHSA-2010:0698)                                                                 | Nessus                  | Red Hat Local Security Checks         | high
49232  | RHEL 3 / 4 / 5 : samba (RHSA-2010:0697)                                                           | Nessus                  | Red Hat Local Security Checks         | high
49229  | Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : samba (SSA:2010-257-01) | Nessus         | Slackware Local Security Checks       | high
49228  | Samba 3.x < 3.5.5 / 3.4.9 / 3.3.14 sid_parse Buffer Overflow                                      | Nessus                  | Misc.                                 | high
5663   | Samba 3.x < 3.5.5 / 3.4.9 / 3.3.14 sid_parse Buffer Overflow                                      | Nessus Network Monitor  | Samba                                 | critical