Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0882

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0882
Last Modified 21 Aug 2010 12:21:25
Published 27 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0882

Summary

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Redhat Linux Advanced Workstation 2.1

  • Ubuntu Linux 4.1

Application

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.2

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7


References

CERT-VN - VU#457622

TRUSTIX - 2004-0058

XF - samba-qfilepathinfo-bo(18070)

OSVDB - 11782

SUSE - SUSE-SA:2004:040

CIAC - P-038

SECTRACK - 1012235

MISC - http://security.e-matters.de/advisories/132004.html

SECUNIA - 13189

APPLE - APPLE-SA-2005-03-21

SGI - 20041201-01-P

SCO - SCOSA-2005.17

BUGTRAQ - 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba)

BUGTRAQ - 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd

BUGTRAQ - 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow

CONECTIVA - CLA-2004:899


Last Updated: 27 May 2016 10:38:47