Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2004-0600
Last Modified 21 Aug 2010 12:20:51
Published 27 Jul 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0600

Summary

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

Vulnerable Systems

Operating System

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

Application

  • Samba 3.0.2

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.4


References

REDHAT - RHSA-2004:259

BUGTRAQ - 20040722 Samba 3.x swat preauthentication buffer overflow

XF - samba-swat-base64-bo(16785)

TRUSTIX - 2004-0039

SUSE - SUSE-SA:2004:022

MANDRAKE - MDKSA-2004:071

GENTOO - GLSA-200407-21

BUGTRAQ - 20040722 SWAT PreAuthorization PoC

BUGTRAQ - 20040722 TSSA-2004-014 - samba

BUGTRAQ - 20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)

BUGTRAQ - 20040722 Security Release - Samba 3.0.5 and 2.2.10

CONECTIVA - CLA-2004:854

CONECTIVA - CLA-2004:851


Last Updated: 27 May 2016 10:38:40