CVE-2004-1154

high

Description

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

References

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

http://secunia.com/advisories/13453/

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1

http://www.debian.org/security/2005/dsa-701

http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities

http://www.kb.cert.org/vuls/id/226184

http://www.novell.com/linux/security/advisories/2004_45_samba.html

http://www.redhat.com/support/errata/RHSA-2005-020.html

http://www.samba.org/samba/security/CAN-2004-1154.html

http://www.securityfocus.com/bid/11973

https://exchange.xforce.ibmcloud.com/vulnerabilities/18519

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642

Details

Source: MITRE

Published: 2005-01-10

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2.12:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:2.2a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*

Tenable Plugins

View all (35 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 138426 | Solaris 10 (x86) : 119758-45 | Nessus | Solaris Local Security Checks | critical |
| 138420 | Solaris 10 (sparc) : 119757-45 | Nessus | Solaris Local Security Checks | critical |
| 129873 | Solaris 10 (x86) : 119758-44 | Nessus | Solaris Local Security Checks | critical |
| 129869 | Solaris 10 (sparc) : 119757-44 | Nessus | Solaris Local Security Checks | critical |
| 107833 | Solaris 10 (x86) : 119758-43 | Nessus | Solaris Local Security Checks | critical |
| 107832 | Solaris 10 (x86) : 119758-38 | Nessus | Solaris Local Security Checks | critical |
| 107831 | Solaris 10 (x86) : 119758-37 | Nessus | Solaris Local Security Checks | critical |
| 107830 | Solaris 10 (x86) : 119758-36 | Nessus | Solaris Local Security Checks | critical |
| 107829 | Solaris 10 (x86) : 119758-34 | Nessus | Solaris Local Security Checks | critical |
| 107828 | Solaris 10 (x86) : 119758-33 | Nessus | Solaris Local Security Checks | critical |
| 107827 | Solaris 10 (x86) : 119758-32 | Nessus | Solaris Local Security Checks | critical |
| 107826 | Solaris 10 (x86) : 119758-31 | Nessus | Solaris Local Security Checks | critical |
| 107825 | Solaris 10 (x86) : 119758-30 | Nessus | Solaris Local Security Checks | critical |
| 107330 | Solaris 10 (sparc) : 119757-43 | Nessus | Solaris Local Security Checks | critical |
| 107329 | Solaris 10 (sparc) : 119757-38 | Nessus | Solaris Local Security Checks | critical |
| 107328 | Solaris 10 (sparc) : 119757-37 | Nessus | Solaris Local Security Checks | critical |
| 107327 | Solaris 10 (sparc) : 119757-36 | Nessus | Solaris Local Security Checks | critical |
| 107326 | Solaris 10 (sparc) : 119757-34 | Nessus | Solaris Local Security Checks | critical |
| 107325 | Solaris 10 (sparc) : 119757-33 | Nessus | Solaris Local Security Checks | critical |
| 107324 | Solaris 10 (sparc) : 119757-32 | Nessus | Solaris Local Security Checks | critical |
| 107323 | Solaris 10 (sparc) : 119757-31 | Nessus | Solaris Local Security Checks | critical |
| 107322 | Solaris 10 (sparc) : 119757-30 | Nessus | Solaris Local Security Checks | critical |
| 20658 | Ubuntu 4.10 : samba vulnerability (USN-41-1) | Nessus | Ubuntu Local Security Checks | critical |
| 19207 | Solaris 10 (x86) : 119758-43 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 19204 | Solaris 10 (sparc) : 119757-43 (deprecated) | Nessus | Solaris Local Security Checks | critical |
| 18904 | FreeBSD : samba -- integer overflow vulnerability (3b3676be-52e1-11d9-a9e7-0001020eed82) | Nessus | FreeBSD Local Security Checks | critical |
| 17664 | Debian DSA-701-2 : samba - integer overflows | Nessus | Debian Local Security Checks | critical |
| 16304 | SUSE-SA:2004:045: samba | Nessus | SuSE Local Security Checks | critical |
| 16110 | RHEL 2.1 : samba (RHSA-2005:020) | Nessus | Red Hat Local Security Checks | critical |
| 16065 | Mandrake Linux Security Advisory : samba (MDKSA-2004:158) | Nessus | Mandriva Local Security Checks | critical |
| 16040 | RHEL 2.1 : samba (RHSA-2004:681) | Nessus | Red Hat Local Security Checks | critical |
| 15997 | GLSA-200412-13 : Samba: Integer overflow | Nessus | Gentoo Local Security Checks | critical |
| 15992 | RHEL 3 : samba (RHSA-2004:670) | Nessus | Red Hat Local Security Checks | critical |
| 2463 | Samba < 3.0.10 Directory Access Control List Remote Integer Overflow | Nessus Network Monitor | Samba | critical |
| 15985 | Samba smbd Security Descriptor Parsing Remote Overflow | Nessus | Gain a shell remotely | critical |