10

CVE-2004-1154

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version2.0.0
SambaSamba Version2.0.1
SambaSamba Version2.0.2
SambaSamba Version2.0.3
SambaSamba Version2.0.4
SambaSamba Version2.0.5
SambaSamba Version2.0.6
SambaSamba Version2.0.7
SambaSamba Version2.0.8
SambaSamba Version2.0.9
SambaSamba Version2.0.10
SambaSamba Version2.2.0
SambaSamba Version2.2.0a
SambaSamba Version2.2.1a
SambaSamba Version2.2.2
SambaSamba Version2.2.3
SambaSamba Version2.2.3a
SambaSamba Version2.2.4
SambaSamba Version2.2.5
SambaSamba Version2.2.6
SambaSamba Version2.2.7
SambaSamba Version2.2.7a
SambaSamba Version2.2.8
SambaSamba Version2.2.8a
SambaSamba Version2.2.9
SambaSamba Version2.2.11
SambaSamba Version2.2.12
SambaSamba Version2.2a
SambaSamba Version3.0.0
SambaSamba Version3.0.1
SambaSamba Version3.0.2
SambaSamba Version3.0.2a
SambaSamba Version3.0.3
SambaSamba Version3.0.4
SambaSamba Version3.0.4 Updaterc1
SambaSamba Version3.0.5
SambaSamba Version3.0.6
SambaSamba Version3.0.7
SambaSamba Version3.0.8
SambaSamba Version3.0.9
RedhatFedora Core Versioncore_2.0
RedhatFedora Core Versioncore_3.0
SuseSuse Linux Version1.0 Editiondesktop
SuseSuse Linux Version8.1
SuseSuse Linux Version8.2
SuseSuse Linux Version9.0
SuseSuse Linux Version9.0 Editionenterprise_server
SuseSuse Linux Version9.0 Editionx86_64
SuseSuse Linux Version9.1
SuseSuse Linux Version9.2
TrustixSecure Linux Version2.0
TrustixSecure Linux Version2.1
TrustixSecure Linux Version2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.2% 0.959
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
http://secunia.com/advisories/13453/
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1
http://www.debian.org/security/2005/dsa-701
http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
http://www.kb.cert.org/vuls/id/226184
Third Party Advisory
US Government Resource
http://www.novell.com/linux/security/advisories/2004_45_samba.html
http://www.redhat.com/support/errata/RHSA-2005-020.html
http://www.samba.org/samba/security/CAN-2004-1154.html
http://www.securityfocus.com/bid/11973
https://exchange.xforce.ibmcloud.com/vulnerabilities/18519
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642