Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
sambaSamba SecuritySAMBA:CVE-2004-0882
HistoryNov 15, 2004 - 12:00 a.m.

Possible Buffer Overrun in smbd

2004-11-1500:00:00
Samba Security
www.samba.org
122

0.959 High

EPSS

Percentile

99.5%

JSON

Summary: A possible buffer overrun in smbd could
lead to code execution by a remote user

Patch Availability

A patch for Samba 3.0.7 (samba-3.0.7-CAN-2004-0882.patch) is
available from http://www.samba.org/samba/ftp/patches/security/.
The patch has been signed with the “Samba Distribution Verification
Key” (ID F17F9772).

Description

Invalid bounds checking in reply to certain trans2 requests
could result in a buffer overrun in smbd. In order to exploit
this defect, the attacker must be able to create files with very
specific Unicode filenames on the Samba share.

Protecting Unpatched Servers

The Samba Team always encourages users to run the latest stable
release as a defense of against attacks. However, under certain
circumstances it may not be possible to immediately upgrade
important installations. In such cases, administrators should
read the “Server Security” documentation found at
http://www.samba.org/samba/docs/server_security.html.

Credits

This security issue was reported to Samba developers by Stefan
Esser from e-matters Security (http://security.e-matters.de/).

– Our Code, Our Bugs, Our Responsibility.

		-- The Samba Team

Related

nessus 10
cve 1
cert 1
openvas 7
debiancve 1
securityvulns 2
ubuntucve 1
ubuntu 2
cvelist 1
checkpoint_advisories 1
freebsd 1
gentoo 1
redhat 1
suse 1
nessus
nessus
Mandrake Linux Security Advisory : samba (MDKSA-2004:136)
2004-11-19 00:00:00
Ubuntu 4.10 : samba vulnerability (USN-29-1)
2006-01-15 00:00:00
FreeBSD : smbd -- buffer-overrun vulnerability (f3d3f621-38d8-11d9-8fff-000c6e8f12ef)
2005-07-13 00:00:00
cve
cve
CVE-2004-0882
2005-01-27 05:00:00
cert
cert
Samba QFILEPATHINFO handling routine contains a remotely exploitable buffer overflow
2004-11-17 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-29-1)
2022-08-26 00:00:00
FreeBSD Ports: samba
2008-09-04 00:00:00
FreeBSD Ports: samba
2008-09-04 00:00:00
debiancve
debiancve
CVE-2004-0882
2005-01-27 05:00:00
securityvulns
securityvulns
[SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd
2004-11-16 00:00:00
[Full-Disclosure] Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow
2004-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2004-0882
2005-01-27 00:00:00
ubuntu
ubuntu
samba vulnerability
2004-11-18 00:00:00
Linux kernel vulnerabilities
2004-11-19 00:00:00
cvelist
cvelist
CVE-2004-0882
2004-11-19 05:00:00
checkpoint_advisories
checkpoint_advisories
Samba Unicode Filename Buffer Overflow (CVE-2004-0882)
2015-10-25 00:00:00
freebsd
freebsd
smbd -- buffer-overrun vulnerability
2004-11-15 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2004-11-11 00:00:00
redhat
redhat
(RHSA-2004:632) samba security update
2004-11-16 00:00:00
suse
suse
potential remote buffer overflow in samba
2004-11-15 22:07:05

0.959 High

EPSS

Percentile

99.5%

JSON
Related for SAMBA:CVE-2004-0882
nessus10cve1cert1openvas7debiancve1securityvulns2ubuntucve1ubuntu2cvelist1checkpoint_advisories1freebsd1gentoo1redhat1suse1