Published: 10/01/2005 Updated: 30/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x up to and including 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba 2.0.0
samba samba 2.0.6
samba samba 2.0.7
samba samba 2.2.1a
samba samba 2.2.2
samba samba 2.2.3
samba samba 2.2.8
samba samba 2.2.8a
samba samba 3.0.2a
samba samba 3.0.3
samba samba 2.0.1
samba samba 2.0.10
samba samba 2.0.8
samba samba 2.0.9
samba samba 2.2.3a
samba samba 2.2.4
samba samba 2.2.9
samba samba 2.2a
samba samba 3.0.4
samba samba 2.0.4
samba samba 2.0.5
samba samba 2.2.11
samba samba 2.2.12
samba samba 2.2.7
samba samba 2.2.7a
samba samba 3.0.1
samba samba 3.0.2
samba samba 3.0.7
samba samba 3.0.8
samba samba 3.0.9
samba samba 2.0.2
samba samba 2.0.3
samba samba 2.2.0
samba samba 2.2.0a
samba samba 2.2.5
samba samba 2.2.6
samba samba 3.0.0
samba samba 3.0.5
samba samba 3.0.6
redhat fedora core core_2.0
redhat fedora core core_3.0
suse suse linux 1.0
suse suse linux 9.2
trustix secure linux 2.0
suse suse linux 9.0
suse suse linux 9.1
suse suse linux 8.1
suse suse linux 8.2
trustix secure linux 2.1
trustix secure linux 2.2

Greg MacManus discovered an integer overflow in Samba’s smbd daemon Requesting a very large number of access control descriptors from the server caused an integer overflow, which resulted in a memory allocation being too short, thus causing a buffer overflow By sending carefully crafted data, an attacker could exploit this to execute arbitrary ...

Synopsis samba security update Type/Severity Security Advisory: Important Topic Updated samba packages that fix an integer overflow vulnerability are nowavailable for Red Hat Enterprise Linux 21 Description Samba provides file and printer sharing services to SMB/CIFS clientsGreg MacManus ...

Synopsis samba security update Type/Severity Security Advisory: Important Topic Updated samba packages that fix an integer overflow vulnerability are nowavailable for Red Hat Enterprise Linux 3 Description Samba provides file and printer sharing services to SMB/CIFS clientsGreg MacManus o ...

It has been discovered that the last security update for Samba, a LanManager like file and printer server for GNU/Linux and Unix-like systems caused the daemon to crash upon reload This has been fixed For reference below is the original advisory text: Greg MacManus discovered an integer overflow in the smb daemon from Samba, a LanManager like fi ...

NVD-CWE-Other http://www.kb.cert.org/vuls/id/226184 http://www.samba.org/samba/security/CAN-2004-1154.html http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://www.debian.org/security/2005/dsa-701 http://www.redhat.com/support/errata/RHSA-2005-020.html ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt http://www.novell.com/linux/security/advisories/2004_45_samba.html http://secunia.com/advisories/13453/http://www.securityfocus.com/bid/11973 http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1 https://exchange.xforce.ibmcloud.com/vulnerabilities/18519 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236 https://usn.ubuntu.com/41-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/226184

CVE-2004-1154

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect