CVE-2010-1635

The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

Affected Software

Name	Vendor	Start Version	End Version
Samba	Samba	*	3.4.7 (including)
Samba	Samba	3.0.0 (including)	3.0.0 (including)
Samba	Samba	3.0.1 (including)	3.0.1 (including)
Samba	Samba	3.0.2 (including)	3.0.2 (including)
Samba	Samba	3.0.2a (including)	3.0.2a (including)
Samba	Samba	3.0.3 (including)	3.0.3 (including)
Samba	Samba	3.0.4 (including)	3.0.4 (including)
Samba	Samba	3.0.4-rc1 (including)	3.0.4-rc1 (including)
Samba	Samba	3.0.5 (including)	3.0.5 (including)
Samba	Samba	3.0.6 (including)	3.0.6 (including)
Samba	Samba	3.0.7 (including)	3.0.7 (including)
Samba	Samba	3.0.8 (including)	3.0.8 (including)
Samba	Samba	3.0.9 (including)	3.0.9 (including)
Samba	Samba	3.0.10 (including)	3.0.10 (including)
Samba	Samba	3.0.11 (including)	3.0.11 (including)
Samba	Samba	3.0.12 (including)	3.0.12 (including)
Samba	Samba	3.0.13 (including)	3.0.13 (including)
Samba	Samba	3.0.14 (including)	3.0.14 (including)
Samba	Samba	3.0.14a (including)	3.0.14a (including)
Samba	Samba	3.0.15 (including)	3.0.15 (including)
Samba	Samba	3.0.16 (including)	3.0.16 (including)
Samba	Samba	3.0.17 (including)	3.0.17 (including)
Samba	Samba	3.0.18 (including)	3.0.18 (including)
Samba	Samba	3.0.19 (including)	3.0.19 (including)
Samba	Samba	3.0.20 (including)	3.0.20 (including)
Samba	Samba	3.0.20a (including)	3.0.20a (including)
Samba	Samba	3.0.20b (including)	3.0.20b (including)
Samba	Samba	3.0.21 (including)	3.0.21 (including)
Samba	Samba	3.0.21a (including)	3.0.21a (including)
Samba	Samba	3.0.21b (including)	3.0.21b (including)
Samba	Samba	3.0.21c (including)	3.0.21c (including)
Samba	Samba	3.0.22 (including)	3.0.22 (including)
Samba	Samba	3.0.23 (including)	3.0.23 (including)
Samba	Samba	3.0.23a (including)	3.0.23a (including)
Samba	Samba	3.0.23b (including)	3.0.23b (including)
Samba	Samba	3.0.23c (including)	3.0.23c (including)
Samba	Samba	3.0.23d (including)	3.0.23d (including)
Samba	Samba	3.0.24 (including)	3.0.24 (including)
Samba	Samba	3.0.25 (including)	3.0.25 (including)
Samba	Samba	3.0.25-pre1 (including)	3.0.25-pre1 (including)
Samba	Samba	3.0.25-pre2 (including)	3.0.25-pre2 (including)
Samba	Samba	3.0.25-rc1 (including)	3.0.25-rc1 (including)
Samba	Samba	3.0.25-rc2 (including)	3.0.25-rc2 (including)
Samba	Samba	3.0.25-rc3 (including)	3.0.25-rc3 (including)
Samba	Samba	3.0.25a (including)	3.0.25a (including)
Samba	Samba	3.0.25b (including)	3.0.25b (including)
Samba	Samba	3.0.25c (including)	3.0.25c (including)
Samba	Samba	3.0.26 (including)	3.0.26 (including)
Samba	Samba	3.0.26a (including)	3.0.26a (including)
Samba	Samba	3.0.27 (including)	3.0.27 (including)
Samba	Samba	3.0.27a (including)	3.0.27a (including)
Samba	Samba	3.0.28 (including)	3.0.28 (including)
Samba	Samba	3.0.28a (including)	3.0.28a (including)
Samba	Samba	3.0.29 (including)	3.0.29 (including)
Samba	Samba	3.0.30 (including)	3.0.30 (including)
Samba	Samba	3.0.31 (including)	3.0.31 (including)
Samba	Samba	3.0.32 (including)	3.0.32 (including)
Samba	Samba	3.0.33 (including)	3.0.33 (including)
Samba	Samba	3.0.34 (including)	3.0.34 (including)
Samba	Samba	3.0.35 (including)	3.0.35 (including)
Samba	Samba	3.0.36 (including)	3.0.36 (including)
Samba	Samba	3.0.37 (including)	3.0.37 (including)
Samba	Samba	3.1.0 (including)	3.1.0 (including)
Samba	Samba	3.2 (including)	3.2 (including)
Samba	Samba	3.2.0 (including)	3.2.0 (including)
Samba	Samba	3.2.1 (including)	3.2.1 (including)
Samba	Samba	3.2.2 (including)	3.2.2 (including)
Samba	Samba	3.2.3 (including)	3.2.3 (including)
Samba	Samba	3.2.4 (including)	3.2.4 (including)
Samba	Samba	3.2.5 (including)	3.2.5 (including)
Samba	Samba	3.2.6 (including)	3.2.6 (including)
Samba	Samba	3.2.7 (including)	3.2.7 (including)
Samba	Samba	3.2.8 (including)	3.2.8 (including)
Samba	Samba	3.2.9 (including)	3.2.9 (including)
Samba	Samba	3.2.10 (including)	3.2.10 (including)
Samba	Samba	3.2.11 (including)	3.2.11 (including)
Samba	Samba	3.2.12 (including)	3.2.12 (including)
Samba	Samba	3.2.13 (including)	3.2.13 (including)
Samba	Samba	3.2.14 (including)	3.2.14 (including)
Samba	Samba	3.2.15 (including)	3.2.15 (including)
Samba	Samba	3.3 (including)	3.3 (including)
Samba	Samba	3.3.0 (including)	3.3.0 (including)
Samba	Samba	3.3.1 (including)	3.3.1 (including)
Samba	Samba	3.3.2 (including)	3.3.2 (including)
Samba	Samba	3.3.3 (including)	3.3.3 (including)
Samba	Samba	3.3.4 (including)	3.3.4 (including)
Samba	Samba	3.3.5 (including)	3.3.5 (including)
Samba	Samba	3.3.6 (including)	3.3.6 (including)
Samba	Samba	3.3.7 (including)	3.3.7 (including)
Samba	Samba	3.3.8 (including)	3.3.8 (including)
Samba	Samba	3.3.9 (including)	3.3.9 (including)
Samba	Samba	3.3.10 (including)	3.3.10 (including)
Samba	Samba	3.3.11 (including)	3.3.11 (including)
Samba	Samba	3.4 (including)	3.4 (including)
Samba	Samba	3.4.0 (including)	3.4.0 (including)
Samba	Samba	3.4.1 (including)	3.4.1 (including)
Samba	Samba	3.4.2 (including)	3.4.2 (including)
Samba	Samba	3.4.3 (including)	3.4.3 (including)
Samba	Samba	3.4.4 (including)	3.4.4 (including)
Samba	Samba	3.4.5 (including)	3.4.5 (including)
Samba	Samba	3.4.6 (including)	3.4.6 (including)
Samba	Samba	3.5 (including)	3.5 (including)
Samba	Samba	3.5.0 (including)	3.5.0 (including)
Samba	Samba	3.5.1 (including)	3.5.1 (including)
Samba	Ubuntu	dapper	*
Samba	Ubuntu	hardy	*
Samba	Ubuntu	jaunty	*
Samba	Ubuntu	karmic	*
Samba	Ubuntu	lucid	*
Samba	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-1635
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References