Vulnerabilities > CVE-2004-0807

Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

Vulnerable Configurations

Part	Description	Count
Application	Samba Samba Samba 3.0.0 Samba Samba 3.0.1 Samba Samba 3.0.2 Samba Samba 3.0.2A Samba Samba 3.0.3 Samba Samba 3.0.4 Samba Samba 3.0.5 Samba Samba 3.0.6	9
Application	Sgi SGI Samba 3.0 SGI Samba 3.0.1 SGI Samba 3.0.2 SGI Samba 3.0.3 SGI Samba 3.0.4 SGI Samba 3.0.5 SGI Samba 3.0.6	7
OS	Conectiva Conectiva Linux 9.0 Conectiva Linux 10.0	2
OS	Mandrakesoft Mandrakesoft Mandrake Linux 10.0	2
OS	Suse Suse Suse Linux 8 Suse Suse Linux 8.1 Suse Suse Linux 8.2 Suse Suse Linux 9.0 Suse Suse Linux 9.1	7

Nessus

NASL family	Denial of Service
NASL id	SAMBA_ASN1_DOS.NASL
description	The remote Samba server, according to its version number, is vulnerable to a denial of service. There is a bug in the remote smbd ASN.1 parsing that could allow an attacker to cause a denial of service attack against the remote host by sending a specially crafted ASN.1 packet during the authentication request that could make the newly-spawned smbd process run into an infinite loop. By establishing multiple connections and sending such packets, an attacker could consume all the CPU and memory of the remote host, thus crashing it remotely. Another bug could allow an attacker to crash the remote nmbd process by sending a malformed NetBIOS packet.
last seen	2020-06-01
modified	2020-06-02
plugin id	14711
published	2004-09-13
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14711
title	Samba < 3.0.7 Multiple Remote DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(14711); script_version ("1.15"); script_cve_id("CVE-2004-0807", "CVE-2004-0808"); script_bugtraq_id(11156); script_name(english:"Samba < 3.0.7 Multiple Remote DoS"); script_set_attribute(attribute:"synopsis", value: "The remote service is vulnerable to a denial of service." ); script_set_attribute(attribute:"description", value: "The remote Samba server, according to its version number, is vulnerable to a denial of service. There is a bug in the remote smbd ASN.1 parsing that could allow an attacker to cause a denial of service attack against the remote host by sending a specially crafted ASN.1 packet during the authentication request that could make the newly-spawned smbd process run into an infinite loop. By establishing multiple connections and sending such packets, an attacker could consume all the CPU and memory of the remote host, thus crashing it remotely. Another bug could allow an attacker to crash the remote nmbd process by sending a malformed NetBIOS packet." ); script_set_attribute(attribute:"solution", value: "Upgrade to Samba 3.0.7." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/13"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/13"); script_cvs_date("Date: 2018/07/27 18:38:14"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba"); script_end_attributes(); script_summary(english: "checks samba version"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english: "Denial of Service"); script_dependencie("smb_nativelanman.nasl"); script_require_keys("SMB/NativeLanManager"); exit(0); } # # The script code starts here # lanman = get_kb_item("SMB/NativeLanManager"); if("Samba" >< lanman) { if(ereg(pattern:"Samba 3\.0\.[0-6][^0-9]*$", string:lanman))security_warning(139); }

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_A711DE5C05FA11D9A9B200061BC2AD93.NASL
description	Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory.
last seen	2020-06-01
modified	2020-06-02
plugin id	37486
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/37486
title	FreeBSD : samba3 DoS attack (a711de5c-05fa-11d9-a9b2-00061bc2ad93)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(37486); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2004-0807", "CVE-2004-0808"); script_name(english:"FreeBSD : samba3 DoS attack (a711de5c-05fa-11d9-a9b2-00061bc2ad93)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory." ); # http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?60f5a02b" ); # https://vuxml.freebsd.org/freebsd/a711de5c-05fa-11d9-a9b2-00061bc2ad93.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5cc31b3c" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/02"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"samba3<3.0.7")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba3>*,1<3.0.7,1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2004-257-01.NASL
description	New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.
last seen	2020-06-01
modified	2020-06-02
plugin id	18757
published	2005-07-13
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18757
title	Slackware 10.0 / current : samba DoS (SSA:2004-257-01)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2004-257-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(18757); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2004-0807", "CVE-2004-0808"); script_xref(name:"SSA", value:"2004-257-01"); script_name(english:"Slackware 10.0 / current : samba DoS (SSA:2004-257-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372415 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9c63b8a1" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"10.0", pkgname:"samba", pkgver:"3.0.5", pkgarch:"i486", pkgnum:"3")) flag++; if (slackware_check(osver:"current", pkgname:"samba", pkgver:"3.0.7", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2004-467.NASL
description	Updated samba packages that fix two denial of service vulnerabilities are now available. [Updated 23rd September 2004] Packages have been updated to include the ppc64 packages which were left out of the initial errata. Samba provides file and printer sharing services to SMB/CIFS clients. The Samba team has discovered a denial of service bug in the smbd daemon. A defect in smbd
last seen	2020-06-01
modified	2020-06-02
plugin id	14801
published	2004-09-23
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/14801
title	RHEL 3 : samba (RHSA-2004:467)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200409-16.NASL
description	The remote host is affected by the vulnerability described in GLSA-200409-16 (Samba: Denial of Service vulnerabilities) There is a defect in smbd
last seen	2020-06-01
modified	2020-06-02
plugin id	14710
published	2004-09-13
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14710
title	GLSA-200409-16 : Samba: Denial of Service vulnerabilities

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_SAMBA_307_1.NASL
description	The following package needs to be updated: samba3
last seen	2016-09-26
modified	2004-09-14
plugin id	14720
published	2004-09-14
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=14720
title	FreeBSD : samba3 DoS attack (174)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-092.NASL
description	Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd
last seen	2020-06-01
modified	2020-06-02
plugin id	14723
published	2004-09-14
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14723
title	Mandrake Linux Security Advisory : samba (MDKSA-2004:092)

Oval

accepted

2013-04-29T04:11:48.407-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

family

unix

oval:org.mitre.oval:def:11141

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

rhsa

id	RHSA-2004:467

rpms

samba-0:3.0.7-1.3E
samba-client-0:3.0.7-1.3E
samba-common-0:3.0.7-1.3E
samba-debuginfo-0:3.0.7-1.3E
samba-swat-0:3.0.7-1.3E

Vulnerabilities > CVE-2004-0807 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2004-0807"}]}

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References

Vulnerabilities > CVE-2004-0807