Search...

SLES9: Security update for samba

2009-10-10T00:00:00

ID OPENVAS:65033
Type openvas
Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-11T00:00:00

Description

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected:

samba-winbind
samba
samba-python
libsmbclient
libsmbclient-devel
samba-client
samba-pdb

For more information, please visit the referenced security advisories.

More details may also be found by searching for keyword 5016221 within the SuSE Enterprise Server 9 patch database at http://download.novell.com/patch/finder/

                                        
                                            # OpenVAS Vulnerability Test
# $Id: sles9p5016221.nasl 6666 2017-07-11 13:13:36Z cfischer $
# Description: Security update for samba
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_summary = "The remote host is missing updates to packages that affect
the security of your system.  One or more of the following packages
are affected:

    samba-winbind
    samba
    samba-python
    libsmbclient
    libsmbclient-devel
    samba-client
    samba-pdb

For more information, please visit the referenced security
advisories.

More details may also be found by searching for keyword
5016221 within the SuSE Enterprise Server 9 patch
database at http://download.novell.com/patch/finder/";

tag_solution = "Please install the updates provided by SuSE.";
                                                                                
if(description)
{
 script_id(65033);
 script_version("$Revision: 6666 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $");
 script_tag(name:"creation_date", value:"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)");
 script_cve_id("CVE-2004-0600", "CVE-2004-0686");
 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_name("SLES9: Security update for samba");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
 script_family("SuSE Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-rpm.inc");

res = "";
report = "";
if ((res = isrpmvuln(pkg:"samba-winbind", rpm:"samba-winbind~3.0.4~1.27", rls:"SLES9.0")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "SuSE Local Security Checks", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "e0d7b9ce8274fe26ea3698b430091b95"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "5f58520b0e3066a7342f32c971eaa0c1"}, {"key": "href", "hash": "9e76b8cf1239c4f580958a07e1470423"}, {"key": "modified", "hash": "bf6febede5ca68e35fdf4a0f47b4ef18"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "c164729e7c38926049767ce84c52ca66"}, {"key": "published", "hash": "b5690f93a9a8de1997d799545818941e"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "sourceData", "hash": "d2dcecfd4bcc3003475ce2ba69ad6876"}, {"key": "title", "hash": "2487079c2715dd0eb6c0bc233f9fdc65"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=65033", "modified": "2017-07-11T00:00:00", "objectVersion": "1.3", "enchantments": {"vulnersScore": 5.0}, "id": "OPENVAS:65033", "title": "SLES9: Security update for samba", "hash": "19e2cdbfc5e531558b84a90be448cc3336d9e9a919a7aeed985ee00a4e661dfc", "edition": 2, "published": "2009-10-10T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:14:05", "bulletin": {"hash": "f707efd20fb6fa3a916d68f211c3d768a62c75d0a1418d908ae25bae76b3de40", "viewCount": 0, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "hashmap": [{"key": "title", "hash": "2487079c2715dd0eb6c0bc233f9fdc65"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "cvelist", "hash": "e0d7b9ce8274fe26ea3698b430091b95"}, {"key": "pluginID", "hash": "c164729e7c38926049767ce84c52ca66"}, {"key": "published", "hash": "b5690f93a9a8de1997d799545818941e"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "description", "hash": "5f58520b0e3066a7342f32c971eaa0c1"}, {"key": "modified", "hash": "b5348bdaf143de7f1627a4373bd7d0b0"}, {"key": "href", "hash": "9e76b8cf1239c4f580958a07e1470423"}, {"key": "sourceData", "hash": "02fbb92f77607d779508b753392a6468"}], "naslFamily": "SuSE Local Security Checks", "modified": "2017-02-03T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=65033", "published": "2009-10-10T00:00:00", "enchantments": {}, "id": "OPENVAS:65033", "title": "SLES9: Security update for samba", "bulletinFamily": "scanner", "edition": 1, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016221.nasl 5186 2017-02-03 09:47:39Z teissa $\n# Description: Security update for samba\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65033);\n script_version(\"$Revision: 5186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-03 10:47:39 +0100 (Fri, 03 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for samba\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"HostDetails/OS/cpe:/o:suse:linux_enterprise_server\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.0.4~1.27\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-07-02T21:14:05", "pluginID": "65033"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-07-26T08:55:49", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5016221.nasl 6666 2017-07-11 13:13:36Z cfischer $\n# Description: Security update for samba\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_id(65033);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2004-0600\", \"CVE-2004-0686\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for samba\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.0.4~1.27\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "65033"}

{"result": {"cve": [{"id": "CVE-2004-0686", "type": "cve", "title": "CVE-2004-0686", "description": "Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the \"mangling method = hash\" option is enabled in smb.conf, has unknown impact and attack vectors.", "published": "2004-07-27T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0686", "cvelist": ["CVE-2004-0686"], "lastseen": "2017-10-11T11:05:57"}, {"id": "CVE-2004-0600", "type": "cve", "title": "CVE-2004-0600", "description": "Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.", "published": "2004-07-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0600", "cvelist": ["CVE-2004-0600"], "lastseen": "2017-10-11T11:05:57"}], "redhat": [{"id": "RHSA-2004:404", "type": "redhat", "title": "(RHSA-2004:404) samba security update", "description": "Samba provides file and printer sharing services to SMB/CIFS clients. \n \nThe Samba team discovered a buffer overflow in the code used to support \nthe 'mangling method = hash' smb.conf option. The Common Vulnerabilities \nand Exposures project (cve.mitre.org) has assigned the name CAN-2004-0686 \nto this issue. \n \nAll users of Samba should upgrade to these updated packages, which \ncontain an upgrade to Samba-2.2.10, which is not vulnerable to this \nissue.", "published": "2004-07-26T04:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2004:404", "cvelist": ["CVE-2004-0686"], "lastseen": "2018-03-28T01:00:47"}, {"id": "RHSA-2004:259", "type": "redhat", "title": "(RHSA-2004:259) samba security update", "description": "Samba provides file and printer sharing services to SMB/CIFS clients. \n \nEvgeny Demidov discovered a flaw in the internal routine used by the Samba\nWeb Administration Tool (SWAT) in Samba versions 3.0.2 through 3.0.4. When\ndecoding base-64 data during HTTP basic authentication, an invalid base-64\ncharacter could cause a buffer overflow. If the SWAT administration\nservice is enabled, this flaw could allow an attacker to execute arbitrary\ncode. The Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0600 to this issue.\n\nAdditionally, the Samba team discovered a buffer overflow in the code used\nto support the 'mangling method = hash' smb.conf option. Please be aware\nthat the default setting for this parameter is 'mangling method = hash2'\nand therefore not vulnerable. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2004-0686 to this issue.\n\nThis release includes the updated upstream version 3.0.4 together with \nbackported security patches to correct these issues as well as a number of\npost-3.0.4 bug fixes from the Samba subversion repository. \n \nThe most important bug fix allows Samba users to change their passwords \nif Microsoft patch KB 828741 (a critical update) had been applied. \n \nAll users of Samba should upgrade to these updated packages, which\nresolve these issues.", "published": "2004-07-22T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2004:259", "cvelist": ["CVE-2004-0600", "CVE-2004-0686"], "lastseen": "2017-08-02T16:58:04"}], "nessus": [{"id": "SAMBA_MANGLING_OVERFLOW.NASL", "type": "nessus", "title": "Samba Mangling Method Hash Overflow", "description": "The remote Samba server, according to its version number, is vulnerable to a buffer overflow if the option 'mangling method' is set to 'hash' in smb.conf (which is not the case by default).\n\nAn attacker may exploit this flaw to execute arbitrary commands on the remote host.", "published": "2004-07-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=13657", "cvelist": ["CVE-2004-0686"], "lastseen": "2017-10-29T13:35:26"}, {"id": "REDHAT-RHSA-2004-404.NASL", "type": "nessus", "title": "RHEL 2.1 : samba (RHSA-2004:404)", "description": "Updated samba packages that fix a buffer overflow issue are now available.\n\nSamba provides file and printer sharing services to SMB/CIFS clients.\n\nThe Samba team discovered a buffer overflow in the code used to support the 'mangling method = hash' smb.conf option. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0686 to this issue.\n\nAll users of Samba should upgrade to these updated packages, which contain an upgrade to Samba-2.2.10, which is not vulnerable to this issue.", "published": "2004-07-26T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=13846", "cvelist": ["CVE-2004-0686"], "lastseen": "2017-10-29T13:35:55"}, {"id": "GENTOO_GLSA-200407-21.NASL", "type": "nessus", "title": "GLSA-200407-21 : Samba: Multiple buffer overflows", "description": "The remote host is affected by the vulnerability described in GLSA-200407-21 (Samba: Multiple buffer overflows)\n\n Evgeny Demidov found a buffer overflow in SWAT, located in the base64 data decoder used to handle HTTP basic authentication (CAN-2004-0600). The same flaw is present in the code used to handle the sambaMungedDial attribute value, when using the ldapsam passdb backend. Another buffer overflow was found in the code used to support the 'mangling method = hash' smb.conf option (CAN-2004-0686). Note that the default Samba value for this option is 'mangling method = hash2' which is not vulnerable.\n Impact :\n\n The SWAT authentication overflow could be exploited to execute arbitrary code with the rights of the Samba daemon process. The overflow in the sambaMungedDial handling code is not thought to be exploitable. The buffer overflow in 'mangling method = hash' code could also be used to execute arbitrary code on vulnerable configurations.\n Workaround :\n\n Users disabling SWAT, not using ldapsam passdb backends and not using the 'mangling method = hash' option are not vulnerable.", "published": "2004-08-30T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14554", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-10-29T13:40:29"}, {"id": "SLACKWARE_SSA_2004-207-01.NASL", "type": "nessus", "title": "Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : new samba packages (SSA:2004-207-01)", "description": "New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current to fix security issues.", "published": "2005-07-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=18774", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-10-29T13:39:57"}, {"id": "FREEBSD_SAMBA_304_4.NASL", "type": "nessus", "title": "FreeBSD : Multiple Potential Buffer Overruns in Samba (173)", "description": "The following package needs to be updated: ja-samba", "published": "2004-07-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=13656", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2016-09-26T17:24:31"}, {"id": "MANDRAKE_MDKSA-2004-071.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : samba (MDKSA-2004:071)", "description": "A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial attribute value when using the ldapsam passdb backend, and to decode input given to the ntlm_auth tool.\n\nThis vulnerability only exists in Samba versions 3.0.2 or later; the 3.0.5 release fixes the vulnerability. Systems using SWAT, the ldapsam passdb backend, and tose running winbindd and allowing third- party applications to issue authentication requests via ntlm_auth tool should upgrade immediately. (CVE-2004-0600)\n\nA buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. This bug is present in Samba 3.0.0 and later, as well as Samba 2.2.X (CVE-2004-0686)\n\nThis update also fixes a bug where attempting to print in some cases would cause smbd to exit with a signal 11.", "published": "2004-07-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=14170", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-10-29T13:38:09"}, {"id": "SUSE_SA_2004_022.NASL", "type": "nessus", "title": "SUSE-SA:2004:022: samba", "description": "The remote host is missing the patch for the advisory SUSE-SA:2004:022 (samba).\n\n\nThe Samba Web Administration Tool (SWAT) was found vulnerable to a buffer overflow in its base64 code. This buffer overflow can possibly be exploited remotely before any authentication took place to execute arbitrary code.\nThe same piece of vulnerable code was also used in ldapsam passdb and in the ntlm_auth tool.\nThis vulnerability only exists on Samba 3.0.2 to 3.0.4.\n\nAnother buffer overflow was found in Samba 3.0.0 and later, as well as in Samba 2.2.x. This overflow exists in the hash code of the mangling method (smb.conf: mangling method = hash), the default uses hash2 which is not vulnerable.\n\nThere is no temporary workaround known. The first proof-of-concept exploits were seen on public mailing lists.\n\nAfter the installation was successfully completed please restart the samba daemon.\n/usr/sbin/rcsmb restart\n\nSWAT is called by inetd/xinetd. Therefore it is sufficient to kill all running instances of SWAT only.\n\nPlease download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement.\nThen, install the package using the command 'rpm -Fhv file.rpm' to apply the update.", "published": "2004-07-25T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=13838", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2016-09-26T17:24:16"}, {"id": "REDHAT-RHSA-2004-259.NASL", "type": "nessus", "title": "RHEL 3 : samba (RHSA-2004:259)", "description": "Updated samba packages that fix buffer overflows, as well as other various bugs, are now available.\n\nSamba provides file and printer sharing services to SMB/CIFS clients.\n\nEvgeny Demidov discovered a flaw in the internal routine used by the Samba Web Administration Tool (SWAT) in Samba versions 3.0.2 through 3.0.4. When decoding base-64 data during HTTP basic authentication, an invalid base-64 character could cause a buffer overflow. If the SWAT administration service is enabled, this flaw could allow an attacker to execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0600 to this issue.\n\nAdditionally, the Samba team discovered a buffer overflow in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0686 to this issue.\n\nThis release includes the updated upstream version 3.0.4 together with backported security patches to correct these issues as well as a number of post-3.0.4 bug fixes from the Samba subversion repository.\n\nThe most important bug fix allows Samba users to change their passwords if Microsoft patch KB 828741 (a critical update) had been applied.\n\nAll users of Samba should upgrade to these updated packages, which resolve these issues.", "published": "2004-07-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=13658", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-10-29T13:33:49"}, {"id": "FREEBSD_PKG_2DE14F7ADAD911D8B59A00061BC2AD93.NASL", "type": "nessus", "title": "FreeBSD : Multiple Potential Buffer Overruns in Samba (2de14f7a-dad9-11d8-b59a-00061bc2ad93)", "description": "Evgeny Demidov discovered that the Samba server has a buffer overflow in the Samba Web Administration Tool (SWAT) on decoding Base64 data during HTTP Basic Authentication. Versions 3.0.2 through 3.0.4 are affected.\n\nAnother buffer overflow bug has been found in the code used to support the 'mangling method = hash' smb.conf option. The default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable. Versions between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected.", "published": "2009-04-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=37185", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-10-29T13:33:11"}, {"id": "SAMBA_3_0_5.NASL", "type": "nessus", "title": "Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow", "description": "According to its banner, the version of Samba running on the remote host is between 3.0.2 and 3.0.4, inclusive. An error exists in the base64 decoding functions, which can result in a buffer overflow.", "published": "2011-11-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=17720", "cvelist": ["CVE-2004-0600"], "lastseen": "2017-10-29T13:38:07"}], "osvdb": [{"id": "OSVDB:8191", "type": "osvdb", "title": "Samba Mangling Method Hash Overflow", "description": "## Vulnerability Description\nSamba contains a flaw related to the \"mangling method = hash\" option that may allow an attacker to cause a buffer overflow. No further details have been provided.\n## Solution Description\nUpgrade to version 3.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nSamba contains a flaw related to the \"mangling method = hash\" option that may allow an attacker to cause a buffer overflow. No further details have been provided.\n## References:\nVendor URL: http://www.samba.org/\n[Vendor Specific Advisory URL](http://www.netwosix.org/adv15.html)\n[Vendor Specific Advisory URL](http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01062)\n[Vendor Specific Advisory URL](http://www.openpkg.org/security/OpenPKG-SA-2004.033-samba.txt)\n[Vendor Specific Advisory URL](http://www.tinysofa.org/support/errata/2004/014.html)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_22_samba.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000851)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200407-21.xml)\n[Vendor Specific Advisory URL](http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1&searchclause=)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000854)\n[Secunia Advisory ID:12130](https://secuniaresearch.flexerasoftware.com/advisories/12130/)\n[Secunia Advisory ID:12972](https://secuniaresearch.flexerasoftware.com/advisories/12972/)\n[Secunia Advisory ID:12168](https://secuniaresearch.flexerasoftware.com/advisories/12168/)\n[Related OSVDB ID: 8190](https://vulners.com/osvdb/OSVDB:8190)\nRedHat RHSA: RHSA-2004:259-23\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:071\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-404.html\nOther Advisory URL: http://www.samba.org/samba/whatsnew/samba-3.0.5.html\nOther Advisory URL: http://www.trustix.net/errata/2004/0039/\n[Nessus Plugin ID:13846](https://vulners.com/search?query=pluginID:13846)\n[Nessus Plugin ID:13657](https://vulners.com/search?query=pluginID:13657)\nISS X-Force ID: 16786\n[CVE-2004-0686](https://vulners.com/cve/CVE-2004-0686)\n", "published": "2004-07-22T03:44:32", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:8191", "cvelist": ["CVE-2004-0686"], "lastseen": "2017-04-28T13:20:03"}, {"id": "OSVDB:8190", "type": "osvdb", "title": "Samba SWAT HTTP Basic Auth base64 Overflow", "description": "## Vulnerability Description\nA remote overflow exists in Samba. The Samba Web Administration Tool (SWAT) fails to perform proper bounds checking when decoding base64 data during HTTP basic authentication resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 3.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in Samba. The Samba Web Administration Tool (SWAT) fails to perform proper bounds checking when decoding base64 data during HTTP basic authentication resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://www.samba.org/\n[Vendor Specific Advisory URL](http://www.netwosix.org/adv15.html)\n[Vendor Specific Advisory URL](http://www.openpkg.org/security/OpenPKG-SA-2004.033-samba.txt)\n[Vendor Specific Advisory URL](http://www.tinysofa.org/support/errata/2004/014.html)\n[Vendor Specific Advisory URL](http://www.suse.de/de/security/2004_22_samba.html)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000851)\n[Vendor Specific Advisory URL](http://security.gentoo.org/glsa/glsa-200407-21.xml)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000854)\n[Secunia Advisory ID:12130](https://secuniaresearch.flexerasoftware.com/advisories/12130/)\n[Secunia Advisory ID:12087](https://secuniaresearch.flexerasoftware.com/advisories/12087/)\n[Secunia Advisory ID:12454](https://secuniaresearch.flexerasoftware.com/advisories/12454/)\n[Related OSVDB ID: 8191](https://vulners.com/osvdb/OSVDB:8191)\nRedHat RHSA: RHSA-2004:259-23\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:071\nOther Advisory URL: http://www.samba.org/samba/whatsnew/samba-3.0.5.html\nOther Advisory URL: http://www.trustix.net/errata/2004/0039/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0249.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0258.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-07/0256.html\n[CVE-2004-0600](https://vulners.com/cve/CVE-2004-0600)\n", "published": "2004-07-22T03:44:32", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:8190", "cvelist": ["CVE-2004-0600"], "lastseen": "2017-04-28T13:20:03"}], "samba": [{"id": "SAMBA:CVE-2004-0686", "type": "samba", "title": "Potential Buffer Overrun in smbd ", "description": "A buffer overrun has been located in the code used to support the 'mangling method = hash' smb.conf option. Please be aware that the default setting for this parameter is 'mangling method = hash2' and therefore not vulnerable.\nAffected Samba 3 installations can avoid this possible security bug by using the default hash2 mangling method. Server installations requiring the hash mangling method are encouraged to upgrade to Samba 3.0.5.\n #### Protecting Unpatched Servers\nThe Samba Team always encourages users to run the latest stable release as a defense of against attacks. However, under certain circumstances it may not be possible to immediately upgrade important installations. In such cases, administrators should read the \"Server Security\" documentation found at http://www.samba.org/samba/docs/server_security.html.", "published": "2004-07-22T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.samba.org/samba/security/CVE-2004-0686.html", "cvelist": ["CVE-2004-0686"], "lastseen": "2016-09-26T20:38:58"}, {"id": "SAMBA:CVE-2004-0600", "type": "samba", "title": "Potential Buffer Overrun in SWAT ", "description": "The internal routine used by the Samba Web Administration Tool (SWAT v3.0.2 and later) to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. It is recommended that all Samba v3.0.2 or later installations running SWAT either (a) upgrade to v3.0.5, or (b) disable the swat administration service as a temporary workaround.\nThis same code is used internally to decode the sambaMungedDial attribute value when using the ldapsam passdb backend. While we do not believe that the base64 decoding routines used by the ldapsam passdb backend can be exploited, sites using an LDAP directory service with Samba are strongly encouraged to verify that the DIT only allows write access to sambaSamAccount attributes by a sufficiently authorized user.", "published": "2004-07-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.samba.org/samba/security/CVE-2004-0600.html", "cvelist": ["CVE-2004-0600"], "lastseen": "2016-09-26T20:38:58"}], "openvas": [{"id": "OPENVAS:835144", "type": "openvas", "title": "HP-UX Update for the CIFS Server HPSBUX01062", "description": "Check for the Version of the CIFS Server", "published": "2009-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=835144", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-07-24T12:56:18"}, {"id": "OPENVAS:52420", "type": "openvas", "title": "FreeBSD Ports: samba", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=52420", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-07-02T21:10:20"}, {"id": "OPENVAS:53922", "type": "openvas", "title": "Slackware Advisory SSA:2004-207-01 new samba packages", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-207-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53922", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-07-24T12:50:46"}, {"id": "OPENVAS:136141256231065033", "type": "openvas", "title": "SLES9: Security update for samba", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n samba-winbind\n samba\n samba-python\n libsmbclient\n libsmbclient-devel\n samba-client\n samba-pdb\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5016221 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065033", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2018-04-06T11:39:04"}, {"id": "OPENVAS:54628", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200407-21 (Samba)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200407-21.", "published": "2008-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=54628", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2017-07-24T12:50:14"}, {"id": "OPENVAS:136141256231053922", "type": "openvas", "title": "Slackware Advisory SSA:2004-207-01 new samba packages", "description": "The remote host is missing an update as announced\nvia advisory SSA:2004-207-01.", "published": "2012-09-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053922", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2018-04-06T11:18:10"}, {"id": "OPENVAS:1361412562310835144", "type": "openvas", "title": "HP-UX Update for the CIFS Server HPSBUX01062", "description": "Check for the Version of the CIFS Server", "published": "2009-05-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835144", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2018-04-09T11:39:14"}], "freebsd": [{"id": "2DE14F7A-DAD9-11D8-B59A-00061BC2AD93", "type": "freebsd", "title": "Multiple Potential Buffer Overruns in Samba", "description": "\nEvgeny Demidov discovered that the Samba server has a\n\t buffer overflow in the Samba Web Administration Tool (SWAT)\n\t on decoding Base64 data during HTTP Basic Authentication.\n\t Versions 3.0.2 through 3.0.4 are affected.\nAnother buffer overflow bug has been found in the code\n\t used to support the \"mangling method = hash\" smb.conf\n\t option. The default setting for this parameter is \"mangling\n\t method = hash2\" and therefore not vulnerable. Versions\n\t between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected.\n", "published": "2004-07-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/2de14f7a-dad9-11d8-b59a-00061bc2ad93.html", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2016-09-26T17:25:22"}], "gentoo": [{"id": "GLSA-200407-21", "type": "gentoo", "title": "Samba: Multiple buffer overflows", "description": "### Background\n\nSamba is a package which allows *nix systems to act as file servers for Windows computers. It also allows *nix systems to mount shares exported by a Samba/CIFS/Windows server. The Samba Web Administration Tool (SWAT) is a web-based configuration tool part of the Samba package. \n\n### Description\n\nEvgeny Demidov found a buffer overflow in SWAT, located in the base64 data decoder used to handle HTTP basic authentication (CAN-2004-0600). The same flaw is present in the code used to handle the sambaMungedDial attribute value, when using the ldapsam passdb backend. Another buffer overflow was found in the code used to support the 'mangling method = hash' smb.conf option (CAN-2004-0686). Note that the default Samba value for this option is 'mangling method = hash2' which is not vulnerable. \n\n### Impact\n\nThe SWAT authentication overflow could be exploited to execute arbitrary code with the rights of the Samba daemon process. The overflow in the sambaMungedDial handling code is not thought to be exploitable. The buffer overflow in 'mangling method = hash' code could also be used to execute arbitrary code on vulnerable configurations. \n\n### Workaround\n\nUsers disabling SWAT, not using ldapsam passdb backends and not using the 'mangling method = hash' option are not vulnerable. \n\n### Resolution\n\nAll Samba users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=net-fs/samba-3.0.5\"\n # emerge \">=net-fs/samba-3.0.5\"", "published": "2004-07-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200407-21", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2016-09-06T19:46:11"}], "slackware": [{"id": "SSA-2004-207-01", "type": "slackware", "title": "new samba packages", "description": "New samba packages are available for Slackware 8.1, 9.0, 9.1, 10.0 and -current\nto fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686\n\nHere are the details from the Slackware 10.0 ChangeLog:\n\nSun Jul 25 14:17:29 PDT 2004\npatches/packages/samba-3.0.5-i486-1.tgz: Upgraded to samba-3.0.5.\n This fixes a buffer overflow in SWAT and another in the code supporting\n the 'mangling method = hash' smb.conf option (which is not the default).\n For more details, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0686\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.10-i386-1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/samba-2.2.10-i386-1.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/samba-2.2.10-i486-1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.5-i486-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.5-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n03d53b165cf21bab6c0e26f98268d445 samba-2.2.10-i386-1.tgz\n\nSlackware 9.0 package:\n99cba95be5231d46327d3ca055a792db samba-2.2.10-i386-1.tgz\n\nSlackware 9.1 package:\n75e92332f92858430fbc01e0adf29c7b samba-2.2.10-i486-1.tgz\n\nSlackware 10.0 package:\nd4d00d9c748386da1dcd5ab941dbb294 samba-3.0.5-i486-1.tgz\n\nSlackware -current package:\nd4d00d9c748386da1dcd5ab941dbb294 samba-3.0.5-i486-1.tgz\n\n\nInstallation instructions:\n\nAs root, stop the samba server:\n\n. /etc/rc.d/rc.samba stop\n\nNext, upgrade the samba package(s) with upgradepkg:\n\nupgradepkg samba-3.0.5-i486-1.tgz\n\nFinally, start samba again:\n\n. /etc/rc.d/rc.samba start", "published": "2004-07-25T20:24:19", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.407946", "cvelist": ["CVE-2004-0686", "CVE-2004-0600"], "lastseen": "2018-02-02T18:11:31"}], "suse": [{"id": "SUSE-SA:2004:022", "type": "suse", "title": "remote root compromise in samba", "description": "The Samba Web Administration Tool (SWAT) was found vulnerable to a buffer overflow in its base64 code. This buffer overflow can possibly be exploited remotely before any authentication took place to execute arbitrary code. The same piece of vulnerable code was also used in ldapsam passdb and in the ntlm_auth tool. This vulnerability only exists on Samba 3.0.2 to 3.0.4.", "published": "2004-07-23T11:20:42", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2004-07/msg00005.html", "cvelist": ["CVE-2004-0686", "CVE-2004-0398", "CVE-2004-0179", "CVE-2004-0600"], "lastseen": "2016-09-04T12:13:32"}], "exploitdb": [{"id": "EDB-ID:364", "type": "exploitdb", "title": "Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit", "description": "Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit. CVE-2004-0600. Remote exploit for linux platform", "published": "2004-07-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/364/", "cvelist": ["CVE-2004-0600"], "lastseen": "2016-01-31T12:15:08"}], "packetstorm": [{"id": "PACKETSTORM:33855", "type": "packetstorm", "title": "sambaPoC.txt", "description": "", "published": "2004-07-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/33855/sambaPoC.txt.html", "cvelist": ["CVE-2004-0600"], "lastseen": "2016-12-05T22:22:59"}]}}