CVE-2004-0930

Current Description

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

Basic Data

Published	January 27, 2005
Last Modified	October 11, 2017
Assigner	cve@mitre.org
Data Type	CVE
Data Format	MITRE
Data Version	4.0
Problem Type	NVD-CWE-Other
CVE Data Version	4.0

Base Metric V2

CVSS 2 - Version	2.0
CVSS 2 - Vector String	AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector	NETWORK
CVSS 2 - Access Complexity	LOW
CVSS 2 - Authentication	NONE
CVSS 2 - Confidentiality Impact	NONE
CVSS 2 - Availability Impact	PARTIAL
CVSS 2 - Base Score	5.0
Severity	MEDIUM
Exploitability Score	10.0
Impact Score	2.9
Obtain All Privilege	false
Obtain User Privilege	false
Obtain Other Privilege	false

Base Metric V3

No data provided.

Configurations

OR - Configuration 1

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	Application	Samba	Samba	3.0.0	*	*	*	*	*	*	*
2.3	Application	Samba	Samba	3.0.3	*	*	*	*	*	*	*
2.3	Application	Samba	Samba	3.0.4	*	*	*	*	*	*	*
2.3	Application	Samba	Samba	3.0.5	*	*	*	*	*	*	*
2.3	Application	Samba	Samba	3.0.6	*	*	*	*	*	*	*
2.3	Application	Samba	Samba	3.0.7	*	*	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0	*	irix	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0.1	*	irix	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0.2	*	irix	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0.3	*	irix	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0.4	*	irix	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0.5	*	irix	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0.6	*	irix	*	*	*	*	*
2.3	Application	Sgi	Samba	3.0.7	*	irix	*	*	*	*	*
2.3	OS	Conectiva	Linux	10.0	*	*	*	*	*	*	*

OR - Configuration 2

Cpe Version	Part	Vendor	Product	Version	Update	Edition	Language	SW Edition	Target SW	Target HW	Other
2.3	OS	Gentoo	Linux	*	*	*	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	advanced_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	advanced_server_ia64	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	enterprise_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	enterprise_server_ia64	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	workstation	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	2.1	*	workstation_ia64	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	3.0	*	advanced_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	3.0	*	enterprise_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux	3.0	*	workstation_server	*	*	*	*	*
2.3	OS	Redhat	Enterprise Linux Desktop	3.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Fedora Core	core_2.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Fedora Core	core_3.0	*	*	*	*	*	*	*
2.3	OS	Redhat	Linux Advanced Workstation	2.1	*	ia64	*	*	*	*	*
2.3	OS	Redhat	Linux Advanced Workstation	2.1	*	itanium_processor	*	*	*	*	*

Vulnerable Software List

Vendor	Product	Versions
Redhat	Enterprise Linux	2.1, 3.0
Redhat	Enterprise Linux Desktop	3.0
Redhat	Fedora Core	core_2.0, core_3.0
Redhat	Linux Advanced Workstation	2.1
Samba	Samba	3.0.0, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7
Conectiva	Linux	10.0
Sgi	Samba	3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7
Gentoo	Linux	*

References

Name	Source	URL	Tags
SCOSA-2005.17	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt	SCO
20041201-01-P	ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P	SGI
CLA-2004:899	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899	CONECTIVA
APPLE-SA-2005-03-21	http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html	APPLE
20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability	http://marc.info/?l=bugtraq&m=109993720717957&w=2	BUGTRAQ
OpenPKG-SA-2004.054	http://marc.info/?l=bugtraq&m=110330519803655&w=2	OPENPKG
101783	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1	SUNALERT
GLSA 200411-21	http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml	GENTOO
20041108 Samba SMBD Remote Denial of Service Vulnerability	http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false	IDEFENSE	Exploit Patch Vendor Advisory
MDKSA-2004:131	http://www.mandriva.com/security/advisories?name=MDKSA-2004:131	MANDRAKE
SUSE-SA:2004:040	http://www.novell.com/linux/security/advisories/2004_40_samba.html	SUSE
11624	http://www.securityfocus.com/bid/11624	BID	Patch Vendor Advisory
samba-msfnmatch-dos(17987)	https://exchange.xforce.ibmcloud.com/vulnerabilities/17987	XF
oval:org.mitre.oval:def:10936	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936	OVAL
USN-22-1	https://www.ubuntu.com/usn/usn-22-1/	UBUNTU