Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2004-0883
Last Modified: 21 Aug 2010 12:21:25
Published: 10 Jan 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-0883

Summary

Multiple vulnerabilities in the Samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote Samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory by (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the Samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a Samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet-based offset for the data in a packet to the smb_receive_trans2 function.

Vulnerable Systems

Operating System

  • Linux Kernel 2.4.0

  • Linux Kernel 2.4.1

  • Linux Kernel 2.4.10

  • Linux Kernel 2.4.11

  • Linux Kernel 2.4.12

  • Linux Kernel 2.4.13

  • Linux Kernel 2.4.14

  • Linux Kernel 2.4.15

  • Linux Kernel 2.4.16

  • Linux Kernel 2.4.17

  • Linux Kernel 2.4.18

  • Linux Kernel 2.4.19

  • Linux Kernel 2.4.2

  • Linux Kernel 2.4.20

  • Linux Kernel 2.4.21

  • Linux Kernel 2.4.22

  • Linux Kernel 2.4.23

  • Linux Kernel 2.4.23 Ow2

  • Linux Kernel 2.4.24

  • Linux Kernel 2.4.24 Ow1

  • Linux Kernel 2.4.25

  • Linux Kernel 2.4.26

  • Linux Kernel 2.4.27

  • Linux Kernel 2.4.3

  • Linux Kernel 2.4.4

  • Linux Kernel 2.4.5

  • Linux Kernel 2.4.6

  • Linux Kernel 2.4.7

  • Linux Kernel 2.4.8

  • Linux Kernel 2.4.9

  • Linux Kernel 2.6 Test9 Cvs

  • Linux Kernel 2.6.0

  • Linux Kernel 2.6.1

  • Linux Kernel 2.6.2

  • Linux Kernel 2.6.3

  • Linux Kernel 2.6.4

  • Linux Kernel 2.6.5

  • Linux Kernel 2.6.6

  • Linux Kernel 2.6.7

  • Linux Kernel 2.6.8

  • Linux Kernel 2.6.9

  • Redhat Enterprise Linux 2.1

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Redhat Linux Advanced Workstation 2.1

  • Suse Linux 1.0

  • Suse Linux 8

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

  • Ubuntu Linux 4.1


References

CERT-VN - VU#726198

BID - 11695

REDHAT - RHSA-2004:537

FEDORA - FLSA:2336

XF - linux-smbreceivetrans2-dos(18136)

XF - linux-smbprocreadxdata-dos(18135)

XF - linux-smb-response-dos(18134)

MISC - http://security.e-matters.de/advisories/142004.html

SECUNIA - 13232

BUGTRAQ - 20041118 [USN-30-1] Linux kernel vulnerabilities

REDHAT - RHSA-2004:505

REDHAT - RHSA-2004:504

MANDRAKE - MDKSA-2005:022

DEBIAN - DSA-1082

DEBIAN - DSA-1070

DEBIAN - DSA-1069

DEBIAN - DSA-1067

SECUNIA - 20338

SECUNIA - 20202

SECUNIA - 20163

SECUNIA - 20162

BUGTRAQ - 20041117 Advisory 14/2004: Linux 2.x smbfs multiple remote vulnerabilities


Last Updated: 27 May 2016 10:38:47