Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2013-4124First vendor Publication2013-08-05
VendorCveLast vendor Modification2018-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124

CWE : Common Weakness Enumeration

%idName
100 %CWE-189Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19319
 
Oval ID: oval:org.mitre.oval:def:19319
Title: USN-1966-1 -- samba vulnerability
Description: Samba could be made to hang if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1966-1
CVE-2013-4124
Version: 5
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23548
 
Oval ID: oval:org.mitre.oval:def:23548
Title: RHSA-2014:0305: samba security update (Moderate)
Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2014:0305-00
CESA-2014:0305
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 13
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24306
 
Oval ID: oval:org.mitre.oval:def:24306
Title: ELSA-2014:0305: samba security update (Moderate)
Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim's password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. All users of Samba are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family: unix Class: patch
Reference(s): ELSA-2014:0305-00
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 7
Platform(s): Oracle Linux 5
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25773
 
Oval ID: oval:org.mitre.oval:def:25773
Title: SUSE-SU-2013:1468-1 -- Security update for Samba
Description: The Samba server suite received a security update to fix a denial of service problem in integer wrap protection. (CVE-2013-4124). Additionally, the following stability fixes are included in this update: * Fix libreplace license ambiguity. (bnc#765270) * Document idmap_ad rfc2307 attribute requirements. (bnc#820531) * The pam_winbind require_membership_of option allows for a list of SID, but currently only provides buffer space for ~20. (bnc#806501). Security Issue reference: * CVE-2013-4124 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4124 >
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1468-1
CVE-2013-4124
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25565
 
Oval ID: oval:org.mitre.oval:def:25565
Title: SUSE-SU-2013:1469-1 -- Security update for Samba
Description: The Samba server suite received a security update to fix a denial of service problem in integer wrap protection.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1469-1
CVE-2013-4124
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26024
 
Oval ID: oval:org.mitre.oval:def:26024
Title: RHSA-2013:1543: samba4 security and bug fix update (Moderate)
Description: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family: unix Class: patch
Reference(s): RHSA-2013:1543-02
CESA-2013:1543
CVE-2013-4124
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): samba4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25668
 
Oval ID: oval:org.mitre.oval:def:25668
Title: RHSA-2013-1542: samba security, bug fix and enhancement update (Moderate)
Description: These updated samba packages include numerous bug fixes and one element.
Family: unix Class: patch
Reference(s): RHSA-2013:1542-02
CESA-2013:1542
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26482
 
Oval ID: oval:org.mitre.oval:def:26482
Title: HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code
Description: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4124
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26470
 
Oval ID: oval:org.mitre.oval:def:26470
Title: HP-UX CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access
Description: Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Family: unix Class: vulnerability
Reference(s): CVE-2013-4124
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27199
 
Oval ID: oval:org.mitre.oval:def:27199
Title: RHSA-2013:1310 -- samba3x security and bug fix update (Moderate)
Description: Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information. It was discovered that the Samba Web Administration Tool (SWAT) did not protect against being opened in a web page frame. A remote attacker could possibly use this flaw to conduct a clickjacking attack against SWAT users or users with an active SWAT session. (CVE-2013-0213) A flaw was found in the Cross-Site Request Forgery (CSRF) protection mechanism implemented in SWAT. An attacker with the knowledge of a victim&#39;s password could use this flaw to bypass CSRF protections and conduct a CSRF attack against the victim SWAT user. (CVE-2013-0214) An integer overflow flaw was found in the way Samba handled an Extended Attribute (EA) list provided by a client. A malicious client could send a specially crafted EA list that triggered an overflow, causing the server to loop and reprocess the list using an excessive amount of memory. (CVE-2013-4124) Note: This issue did not affect the default configuration of the Samba server. Red Hat would like to thank the Samba project for reporting CVE-2013-0213 and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter of CVE-2013-0213 and CVE-2013-0214. These updated samba3x packages also include numerous bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in the References, for information on the most significant of these changes. All samba3x users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the smb service will be restarted automatically.
Family: unix Class: patch
Reference(s): RHSA-2013:1310
CESA-2013:1310
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): samba3x
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27443
 
Oval ID: oval:org.mitre.oval:def:27443
Title: ELSA-2013-1310 -- samba3x security and bug fix update (moderate)
Description: [3.6.6-0.136] - resolves: #984807 - CVE-2013-4124: DoS via integer overflow when reading an EA list
Family: unix Class: patch
Reference(s): ELSA-2013-1310
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Oracle Linux 5
Product(s): samba3x
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27317
 
Oval ID: oval:org.mitre.oval:def:27317
Title: ELSA-2013-1543 -- samba4 security and bug fix update (moderate)
Description: [4.0.0-58.rc4] - Fix winbind lsat reconnection code, avoids ntlmv2-only session setup problems - resolves: #949993 [4.0.0-57.rc4] - resolves: #984809 - CVE-2013-4124: DoS via integer overflow when reading an EA list [4.0.0-56.rc4] - Fix libwbclient.so.0 symlink. - resolves: #882338 - Fix correct linking of libreplace with cmdline-credentials. - resolves: #911264
Family: unix Class: patch
Reference(s): ELSA-2013-1543
CVE-2013-4124
Version: 3
Platform(s): Oracle Linux 6
Product(s): samba4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27234
 
Oval ID: oval:org.mitre.oval:def:27234
Title: ELSA-2013-1542 -- samba security, bug fix, and enhancement update (moderate)
Description: [3.6.9-164] - resolves: #1008574 - Fix offline logon cache not updating for cross child domain group membership.
Family: unix Class: patch
Reference(s): ELSA-2013-1542
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 3
Platform(s): Oracle Linux 6
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26876
 
Oval ID: oval:org.mitre.oval:def:26876
Title: DEPRECATED: ELSA-2014-0305 -- samba security update (moderate)
Description: [3.0.33-3.40.el5] - Security Release, fixes CVE-2013-0213 and CVE-2013-4124 - resolves: #1073350
Family: unix Class: patch
Reference(s): ELSA-2014-0305
CVE-2013-0213
CVE-2013-0214
CVE-2013-4124
Version: 4
Platform(s): Oracle Linux 5
Product(s): samba
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application168
Os4
Os2
Os2
Os1

ExploitDB Exploits

idDescription
2013-08-22Samba nttrans Reply - Integer Overflow Vulnerability

Information Assurance Vulnerability Management (IAVM)

DateDescription
2013-08-08IAVM : 2013-B-0082 - Samba Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0039910

Metasploit Database

idDescription
2018-08-26 Samba read_nttrans_ea_list Integer Overflow

Nessus® Vulnerability Scanner

DateDescription
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0723-1.nasl - Type : ACT_GATHER_INFO
2015-02-26Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201502-15.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_samba_20140102.nasl - Type : ACT_GATHER_INFO
2014-11-12Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2014-11-12Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2014-11-12Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2014-08-20Name : The remote Fedora host is missing a security update.
File : fedora_2014-9132.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-644.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-651.nasl - Type : ACT_GATHER_INFO
2014-03-18Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2014-03-18Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140317_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-18Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0305.nasl - Type : ACT_GATHER_INFO
2013-12-04Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-12-04Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_samba_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2013-11-27Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2013-11-21Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1542.nasl - Type : ACT_GATHER_INFO
2013-11-21Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1543.nasl - Type : ACT_GATHER_INFO
2013-10-11Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-09Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2013-10-01Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1310.nasl - Type : ACT_GATHER_INFO
2013-09-25Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1966-1.nasl - Type : ACT_GATHER_INFO
2013-09-20Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-130806.nasl - Type : ACT_GATHER_INFO
2013-09-20Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-130807.nasl - Type : ACT_GATHER_INFO
2013-08-15Name : The remote Fedora host is missing a security update.
File : fedora_2013-14355.nasl - Type : ACT_GATHER_INFO
2013-08-10Name : The remote Fedora host is missing a security update.
File : fedora_2013-14312.nasl - Type : ACT_GATHER_INFO
2013-08-10Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_e21c7c7a011611e39e833c970e169bc2.nasl - Type : ACT_GATHER_INFO
2013-08-08Name : The remote Samba server is affected by a denial of service vulnerability.
File : samba_4_0_8.nasl - Type : ACT_GATHER_INFO
2013-08-07Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-207.nasl - Type : ACT_GATHER_INFO
2013-08-07Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-218-03.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2013-08/0028.html
CONFIRM http://ftp.samba.org/pub/samba/patches/security/samba-4.0.7-CVE-2013-4124.patch
http://www.samba.org/samba/history/samba-3.5.22.html
http://www.samba.org/samba/history/samba-3.6.17.html
http://www.samba.org/samba/history/samba-4.0.8.html
http://www.samba.org/samba/security/CVE-2013-4124
https://bugzilla.redhat.com/show_bug.cgi?id=984401
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113591....
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114011....
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864....
GENTOO http://security.gentoo.org/glsa/glsa-201502-15.xml
HP http://marc.info/?l=bugtraq&m=141660010015249&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:207
REDHAT http://rhn.redhat.com/errata/RHSA-2013-1310.html
http://rhn.redhat.com/errata/RHSA-2013-1542.html
http://rhn.redhat.com/errata/RHSA-2013-1543.html
http://rhn.redhat.com/errata/RHSA-2014-0305.html
SECTRACK http://www.securitytracker.com/id/1028882
SUSE http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00015.html
UBUNTU http://www.ubuntu.com/usn/USN-1966-1
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/86185

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
DateInformations
2018-10-31 00:20:32
  • Multiple Updates
2018-01-26 12:04:58
  • Multiple Updates
2017-08-29 09:24:18
  • Multiple Updates
2017-01-11 13:25:28
  • Multiple Updates
2017-01-07 09:25:12
  • Multiple Updates
2016-08-23 09:24:48
  • Multiple Updates
2016-06-28 19:38:22
  • Multiple Updates
2016-04-26 23:30:22
  • Multiple Updates
2016-03-08 00:24:38
  • Multiple Updates
2016-03-07 21:24:12
  • Multiple Updates
2015-05-21 13:30:45
  • Multiple Updates
2015-03-06 21:24:19
  • Multiple Updates
2015-03-05 17:22:26
  • Multiple Updates
2015-03-05 09:22:46
  • Multiple Updates
2015-03-03 09:23:02
  • Multiple Updates
2015-02-27 13:24:21
  • Multiple Updates
2015-01-21 13:26:18
  • Multiple Updates
2014-11-13 13:26:52
  • Multiple Updates
2014-06-14 13:35:59
  • Multiple Updates
2014-03-26 13:22:37
  • Multiple Updates
2014-03-19 13:21:27
  • Multiple Updates
2014-02-17 11:21:44
  • Multiple Updates
2014-01-04 13:19:31
  • Multiple Updates
2013-12-08 13:19:29
  • Multiple Updates
2013-11-11 12:40:43
  • Multiple Updates
2013-10-25 21:20:03
  • Multiple Updates
2013-10-23 21:19:58
  • Multiple Updates
2013-10-11 13:27:02
  • Multiple Updates
2013-10-02 17:19:28
  • Multiple Updates
2013-09-12 13:20:45
  • Multiple Updates
2013-09-09 21:21:28
  • Multiple Updates
2013-09-08 00:19:29
  • Multiple Updates
2013-08-22 17:20:44
  • Multiple Updates
2013-08-07 21:20:21
  • First insertion