CVE-2004-0930

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt

ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

http://marc.info/?l=bugtraq&m=109993720717957&w=2

http://marc.info/?l=bugtraq&m=110330519803655&w=2

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1

http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml

http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false

http://www.mandriva.com/security/advisories?name=MDKSA-2004:131

http://www.novell.com/linux/security/advisories/2004_40_samba.html

http://www.securityfocus.com/bid/11624

https://exchange.xforce.ibmcloud.com/vulnerabilities/17987

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936

https://www.ubuntu.com/usn/usn-22-1/

Details

Source: MITRE

Published: 2005-01-27

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0:*:irix:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0.1:*:irix:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0.2:*:irix:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0.3:*:irix:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0.4:*:irix:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0.5:*:irix:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0.6:*:irix:*:*:*:*:*

cpe:2.3:a:sgi:samba:3.0.7:*:irix:*:*:*:*:*

cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*

cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
138426Solaris 10 (x86) : 119758-45NessusSolaris Local Security Checks
critical
138420Solaris 10 (sparc) : 119757-45NessusSolaris Local Security Checks
critical
129873Solaris 10 (x86) : 119758-44NessusSolaris Local Security Checks
critical
129869Solaris 10 (sparc) : 119757-44NessusSolaris Local Security Checks
critical
107833Solaris 10 (x86) : 119758-43NessusSolaris Local Security Checks
critical
107832Solaris 10 (x86) : 119758-38NessusSolaris Local Security Checks
critical
107831Solaris 10 (x86) : 119758-37NessusSolaris Local Security Checks
critical
107830Solaris 10 (x86) : 119758-36NessusSolaris Local Security Checks
critical
107829Solaris 10 (x86) : 119758-34NessusSolaris Local Security Checks
critical
107828Solaris 10 (x86) : 119758-33NessusSolaris Local Security Checks
critical
107827Solaris 10 (x86) : 119758-32NessusSolaris Local Security Checks
critical
107826Solaris 10 (x86) : 119758-31NessusSolaris Local Security Checks
critical
107825Solaris 10 (x86) : 119758-30NessusSolaris Local Security Checks
critical
107330Solaris 10 (sparc) : 119757-43NessusSolaris Local Security Checks
critical
107329Solaris 10 (sparc) : 119757-38NessusSolaris Local Security Checks
critical
107328Solaris 10 (sparc) : 119757-37NessusSolaris Local Security Checks
critical
107327Solaris 10 (sparc) : 119757-36NessusSolaris Local Security Checks
critical
107326Solaris 10 (sparc) : 119757-34NessusSolaris Local Security Checks
critical
107325Solaris 10 (sparc) : 119757-33NessusSolaris Local Security Checks
critical
107324Solaris 10 (sparc) : 119757-32NessusSolaris Local Security Checks
critical
107323Solaris 10 (sparc) : 119757-31NessusSolaris Local Security Checks
critical
107322Solaris 10 (sparc) : 119757-30NessusSolaris Local Security Checks
critical
36259FreeBSD : samba -- potential remote DoS vulnerability (ba13dc13-340d-11d9-ac1b-000d614f7fad)NessusFreeBSD Local Security Checks
medium
20637Ubuntu 4.10 : samba vulnerability (USN-22-1)NessusUbuntu Local Security Checks
medium
19207Solaris 10 (x86) : 119758-43 (deprecated)NessusSolaris Local Security Checks
critical
19204Solaris 10 (sparc) : 119757-43 (deprecated)NessusSolaris Local Security Checks
critical
15811FreeBSD : samba -- potential remote DoS vulnerability (175)NessusFreeBSD Local Security Checks
medium
15741RHEL 2.1 / 3 : samba (RHSA-2004:632)NessusRed Hat Local Security Checks
critical
15726SUSE-SA:2004:040: sambaNessusSuSE Local Security Checks
critical
15705Samba Multiple Remote VulnerabilitiesNessusMisc.
high
15699Mandrake Linux Security Advisory : samba (MDKSA-2004:131)NessusMandriva Local Security Checks
medium
15696GLSA-200411-21 : Samba: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
2397Samba < 3.0.8 Remote Wild Card DoS and QFILEPATHINFO Remote OverflowNessus Network MonitorSamba
high