Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1154

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-1154
Last Modified 21 Aug 2010 12:21:56
Published 10 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1154

Summary

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Vulnerable Systems

Operating System

  • Redhat Fedora Core Core 2.0

  • Redhat Fedora Core Core 3.0

  • Suse Linux 1.0

  • Suse Linux 8.1

  • Suse Linux 8.2

  • Suse Linux 9.0

  • Suse Linux 9.1

  • Suse Linux 9.2

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

Application

  • Samba 2.0.0

  • Samba 2.0.1

  • Samba 2.0.10

  • Samba 2.0.2

  • Samba 2.0.3

  • Samba 2.0.4

  • Samba 2.0.5

  • Samba 2.0.6

  • Samba 2.0.7

  • Samba 2.0.8

  • Samba 2.0.9

  • Samba 2.2.0

  • Samba 2.2.0a

  • Samba 2.2.11

  • Samba 2.2.12

  • Samba 2.2.1a

  • Samba 2.2.2

  • Samba 2.2.3

  • Samba 2.2.3a

  • Samba 2.2.4

  • Samba 2.2.5

  • Samba 2.2.6

  • Samba 2.2.7

  • Samba 2.2.7a

  • Samba 2.2.8

  • Samba 2.2.8a

  • Samba 2.2.9

  • Samba 2.2a

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.2

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9


References

CERT-VN - VU#226184

XF - samba-msrpc-heap-corruption(18519)

CONFIRM - http://www.samba.org/samba/security/CAN-2004-1154.html

REDHAT - RHSA-2005:020

SUSE - SUSE-SA:2004:045

DEBIAN - DSA-701

SECUNIA - 13453

APPLE - APPLE-SA-2005-03-21

SCO - SCOSA-2005.17

BID - 11973

IDEFENSE - 20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability

SUNALERT - 57730

SUNALERT - 101643


Last Updated: 27 May 2016 10:38:55