Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
sambaSamba SecuritySAMBA:CVE-2004-0686
HistoryJul 22, 2004 - 12:00 a.m.

Potential Buffer Overrun in smbd

2004-07-2200:00:00
Samba Security
www.samba.org
34

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.797 High

EPSS

Percentile

98.3%

JSON

Description

A buffer overrun has been located in the code used to support
the ‘mangling method = hash’ smb.conf option. Please be aware
that the default setting for this parameter is ‘mangling method
= hash2’ and therefore not vulnerable.

Affected Samba 3 installations can avoid this possible security
bug by using the default hash2 mangling method. Server
installations requiring the hash mangling method are encouraged
to upgrade to Samba 3.0.5.

Protecting Unpatched Servers

The Samba Team always encourages users to run the latest stable
release as a defense of against attacks. However, under certain
circumstances it may not be possible to immediately upgrade
important installations. In such cases, administrators should
read the “Server Security” documentation found at
http://www.samba.org/samba/docs/server_security.html.

Credits

This defect was located by Samba developers during a routine
code audit.

Our Code, Our Bugs, Our Responsibility.

			-- The Samba Team

Related

redhat 2
cve 1
nessus 9
debiancve 1
openvas 11
securityvulns 2
freebsd 1
slackware 1
gentoo 1
suse 1
redhat
redhat
(RHSA-2004:404) samba security update
2004-07-26 00:00:00
(RHSA-2004:259) samba security update
2004-07-22 00:00:00
cve
cve
CVE-2004-0686
2004-07-27 04:00:00
nessus
nessus
RHEL 2.1 : samba (RHSA-2004:404)
2004-07-26 00:00:00
Samba Mangling Method Hash Overflow
2004-07-22 00:00:00
GLSA-200407-21 : Samba: Multiple buffer overflows
2004-08-30 00:00:00
debiancve
debiancve
CVE-2004-0686
2004-07-27 04:00:00
openvas
openvas
Samba 3.0.0 <= 3.0.4 Buffer Overflow Vulnerability (CVE-2004-0686)
2021-09-24 00:00:00
HP-UX Update for the CIFS Server HPSBUX01062
2009-05-05 00:00:00
Gentoo Security Advisory GLSA 200407-21 (Samba)
2008-09-24 00:00:00
securityvulns
securityvulns
Security Release - Samba 3.0.5 and 2.2.10
2004-07-23 00:00:00
[security bulletin] SSRT4782 rev. 0 HP-UX CIFS Server potential remote root access
2004-07-28 00:00:00
freebsd
freebsd
Multiple Potential Buffer Overruns in Samba
2004-07-14 00:00:00
slackware
slackware
new samba packages
2004-07-25 20:24:19
gentoo
gentoo
Samba: Multiple buffer overflows
2004-07-29 00:00:00
suse
suse
remote root compromise in samba
2004-07-23 11:20:42

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.797 High

EPSS

Percentile

98.3%

JSON
Related for SAMBA:CVE-2004-0686
redhat2cve1nessus9debiancve1openvas11securityvulns2freebsd1slackware1gentoo1suse1