Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
sambaSamba SecuritySAMBA:CVE-2004-0600
HistoryJul 22, 2004 - 12:00 a.m.

Potential Buffer Overrun in SWAT

2004-07-2200:00:00
Samba Security
www.samba.org
71

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON

Description

The internal routine used by the Samba Web Administration
Tool (SWAT v3.0.2 and later) to decode the base64 data
during HTTP basic authentication is subject to a buffer
overrun caused by an invalid base64 character. It is
recommended that all Samba v3.0.2 or later installations
running SWAT either (a) upgrade to v3.0.5, or (b) disable
the swat administration service as a temporary workaround.

This same code is used internally to decode the
sambaMungedDial attribute value when using the ldapsam
passdb backend. While we do not believe that the base64
decoding routines used by the ldapsam passdb backend can
be exploited, sites using an LDAP directory service with
Samba are strongly encouraged to verify that the DIT only
allows write access to sambaSamAccount attributes by a
sufficiently authorized user.

Credits

The Samba Team would like to heartily thank Evgeny Demidov
for analyzing and reporting this bug.

Our Code, Our Bugs, Our Responsibility.

			-- The Samba Team

Related

openvas 11
cve 1
nessus 9
debiancve 1
checkpoint_advisories 1
packetstorm 1
redhat 1
slackware 1
gentoo 1
securityvulns 2
freebsd 1
suse 1
openvas
openvas
Samba 3.0.2 <= 3.0.4 Buffer Overflow Vulnerability (CVE-2004-0600)
2021-09-24 00:00:00
SLES9: Security update for samba
2009-10-10 00:00:00
Gentoo Security Advisory GLSA 200407-21 (Samba)
2008-09-24 00:00:00
cve
cve
CVE-2004-0600
2004-07-27 04:00:00
nessus
nessus
Samba SWAT HTTP Basic Auth base64 Overflow
2004-07-22 00:00:00
Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow
2011-11-18 00:00:00
SUSE-SA:2004:022: samba
2004-07-25 00:00:00
debiancve
debiancve
CVE-2004-0600
2004-07-27 04:00:00
checkpoint_advisories
checkpoint_advisories
Samba SWAT HTTP Authentication Buffer Overflow (CVE-2004-0600)
2009-10-27 00:00:00
packetstorm
packetstorm
sambaPoC.txt
2004-07-23 00:00:00
redhat
redhat
(RHSA-2004:259) samba security update
2004-07-22 00:00:00
slackware
slackware
new samba packages
2004-07-25 20:24:19
gentoo
gentoo
Samba: Multiple buffer overflows
2004-07-29 00:00:00
securityvulns
securityvulns
[security bulletin] SSRT4782 rev. 0 HP-UX CIFS Server potential remote root access
2004-07-28 00:00:00
Security Release - Samba 3.0.5 and 2.2.10
2004-07-23 00:00:00
freebsd
freebsd
Multiple Potential Buffer Overruns in Samba
2004-07-14 00:00:00
suse
suse
remote root compromise in samba
2004-07-23 11:20:42

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON
Related for SAMBA:CVE-2004-0600
openvas11cve1nessus9debiancve1checkpoint_advisories1packetstorm1redhat1slackware1gentoo1securityvulns2freebsd1suse1