CVE-2010-1642 in Samba信息

摘要

由 VulDB • 2026-06-10

smbd中的sesssetup.c文件里的reply_sesssetup_and_X_spnego函数在Samba 3.4.8之前版本以及3.5.x系列中早于3.5.2的版本存在漏洞,远程攻击者可以通过在Session Setup AndX请求中使用\xff\xff作为security blob长度来触发越界读取(out-of-bounds read),从而导致拒绝服务(进程崩溃)。

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

来源

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!