CVE-2010-3069
UnknownEPSS 10.55%
Last modified
CVE-2010-3069 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.. EPSS estimates a 10.55% chance of exploitation in the next 30 days.
Description
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | >= 3.0.0, <= 3.3.14 |
| Samba | Samba | >= 3.4.0, < 3.4.9 |
| Samba | Samba | >= 3.5.0, < 3.5.5 |
| Canonical | Ubuntu Linux | 6.06 |
| Canonical | Ubuntu Linux | 8.04 |
| Canonical | Ubuntu Linux | 9.04 |
| Canonical | Ubuntu Linux | 9.10 |
| Canonical | Ubuntu Linux | 10.04 |
References
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=130835366526620&w=2Mailing List, Third Party Advisory
- http://secunia.com/advisories/41354Third Party Advisory
- http://secunia.com/advisories/41447Third Party Advisory
- http://secunia.com/advisories/42531Third Party Advisory
- http://secunia.com/advisories/42885Third Party Advisory
- http://support.apple.com/kb/HT4581Third Party Advisory
- http://support.apple.com/kb/HT4723Third Party Advisory
- http://us1.samba.org/samba/history/samba-3.5.5.htmlVendor Advisory
- http://us1.samba.org/samba/security/CVE-2010-3069.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0860.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/515055/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/43212Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1024434Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-987-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlPermissions Required, Third Party Advisory
- http://www.vupen.com/english/advisories/2010/2378Permissions Required
- http://www.vupen.com/english/advisories/2010/3126Permissions Required
- http://www.vupen.com/english/advisories/2011/0091Permissions Required
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.htmlMailing List, Third Party Advisory
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047650.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047697.htmlMailing List, Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047758.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.htmlMailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.htmlMailing List, Third Party Advisory
- http://marc.info/?l=bugtraq&m=130835366526620&w=2Mailing List, Third Party Advisory
- http://secunia.com/advisories/41354Third Party Advisory
- http://secunia.com/advisories/41447Third Party Advisory
- http://secunia.com/advisories/42531Third Party Advisory
- http://secunia.com/advisories/42885Third Party Advisory
- http://support.apple.com/kb/HT4581Third Party Advisory
- http://support.apple.com/kb/HT4723Third Party Advisory
- http://us1.samba.org/samba/history/samba-3.5.5.htmlVendor Advisory
- http://us1.samba.org/samba/security/CVE-2010-3069.htmlVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2010-0860.htmlThird Party Advisory
- http://www.securityfocus.com/archive/1/515055/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/43212Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id?1024434Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-987-1Third Party Advisory
- http://www.vmware.com/security/advisories/VMSA-2010-0019.htmlPermissions Required, Third Party Advisory
- http://www.vupen.com/english/advisories/2010/2378Permissions Required
- http://www.vupen.com/english/advisories/2010/3126Permissions Required
- http://www.vupen.com/english/advisories/2011/0091Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2010-3069?
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
How severe is CVE-2010-3069?
Severity scoring for CVE-2010-3069 is pending analysis. The EPSS model estimates a 10.55% probability of exploitation in the next 30 days.
How do I fix CVE-2010-3069?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2010-3069?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST