CVE-2004-1154

Current Description

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Basic Data

Published: January 10, 2005
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
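    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Samba | Samba | 2.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.0.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.0a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.1a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.3a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.7a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.8a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2.12 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 2.2a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.2a | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.4 | rc1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.8 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Samba | Samba | 3.0.9 | * | * | * | * | * | * | * | | | | |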
  • OR - Configuration 2
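    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Redhat | Fedora Core | core_2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Redhat | Fedora Core | core_3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 1.0 | * | desktop | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 8.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | enterprise_server | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.0 | * | x86_64 | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Suse | Suse Linux | 9.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Trustix | Secure Linux | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Trustix | Secure Linux | 2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | OS | Trustix | Secure Linux | 2.2 | * | * | * | * | * | * | * | | | | |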

Vulnerable Software List

| Vendor | Product | Versions |
| Redhat | Fedora Core | core_2.0, core_3.0 |
| Samba | Samba | 2.0.0, 2.0.1, 2.0.10, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.2.0, 2.2.0a, 2.2.11, 2.2.12, 2.2.1a, 2.2.2, 2.2.3, 2.2.3a, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.7a, 2.2.8, 2.2.8a, 2.2.9, 2.2a, 3.0.0, 3.0.1, 3.0.2, 3.0.2a, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9 |
| Trustix | Secure Linux | 2.0, 2.1, 2.2 |
| Suse | Suse Linux | 1.0, 8.1, 8.2, 9.0, 9.1, 9.2 |

References

| Name | Source | URL | Tags |
| SCOSA-2005.17 | SCO | ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt | |
| APPLE-SA-2005-03-21 | APPLE | http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html | |
| 13453 | SECUNIA | http://secunia.com/advisories/13453/ | |
| 101643 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1 | |
| 57730 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1 | |
| DSA-701 | DEBIAN | http://www.debian.org/security/2005/dsa-701 | |
| 20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability | IDEFENSE | http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities | |
| VU#226184 | CERT-VN | http://www.kb.cert.org/vuls/id/226184 | Third Party Advisory, US Government Resource |
| SUSE-SA:2004:045 | SUSE | http://www.novell.com/linux/security/advisories/2004_45_samba.html | |
| RHSA-2005:020 | REDHAT | http://www.redhat.com/support/errata/RHSA-2005-020.html | |
| http://www.samba.org/samba/security/CAN-2004-1154.html | CONFIRM | http://www.samba.org/samba/security/CAN-2004-1154.html | |
| 11973 | BID | http://www.securityfocus.com/bid/11973 | |
| samba-msrpc-heap-corruption(18519) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/18519 | |
| oval:org.mitre.oval:def:10236 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236 | |
| oval:org.mitre.oval:def:1459 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459 | |
| oval:org.mitre.oval:def:642 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642 | |