Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0186

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2004-0186
Last Modified 05 Sep 2008 04:37:45
Published 15 Mar 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-0186

Summary

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

Vulnerable Systems

Operating System

  • Linux Kernel 2.6 Test9 Cvs

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

Application

  • Samba 2.0

  • Samba 3.0.0


References

XF - samba-smbmnt-gain-privileges(15131)

BID - 9619

DEBIAN - DSA-463

BUGTRAQ - 20040209 Samba 3.x + kernel 2.6.x local root vulnerability

OSVDB - 3916

BUGTRAQ - 20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability


Last Updated: 27 May 2016 10:38:30