CVE-2004-0807

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL

Tags: network, low complexity, samba, sgi, conectiva, mandrakesoft, suse, nessus

Summary

Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

Nessus

  • NASL family: Denial of Service
    NASL id: SAMBA_ASN1_DOS.NASL
    description: The remote Samba server, according to its version number, is vulnerable to a denial of service. There is a bug in the remote smbd ASN.1 parsing that could allow an attacker to cause a denial of service attack against the remote host by sending a specially crafted ASN.1 packet during the authentication request that could make the newly-spawned smbd process run into an infinite loop. By establishing multiple connections and sending such packets, an attacker could consume all the CPU and memory of the remote host, thus crashing it remotely. Another bug could allow an attacker to crash the remote nmbd process by sending a malformed NetBIOS packet.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14711
    published: 2004-09-13
    reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14711
    title: Samba < 3.0.7 Multiple Remote DoS
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(14711);
     script_version ("1.15");
     script_cve_id("CVE-2004-0807", "CVE-2004-0808");
     script_bugtraq_id(11156);
    
     script_name(english:"Samba < 3.0.7 Multiple Remote DoS");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote service is vulnerable to a denial of service." );
     script_set_attribute(attribute:"description", value:
    "The remote Samba server, according to its version number, is 
    vulnerable to a denial of service.
    
    There is a bug in the remote smbd ASN.1 parsing that could allow an 
    attacker to cause a denial of service attack against the remote host 
    by sending a specially crafted ASN.1 packet during the authentication 
    request that could make the newly-spawned smbd process run into an 
    infinite loop. By establishing multiple connections and sending such 
    packets, an attacker could consume all the CPU and memory of the 
    remote host, thus crashing it remotely.
    
    Another bug could allow an attacker to crash the remote nmbd process 
    by sending a malformed NetBIOS packet." );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Samba 3.0.7." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/13");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/13");
     script_cvs_date("Date: 2018/07/27 18:38:14");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
     script_end_attributes();
    
     script_summary(english: "checks samba version");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
     script_family(english: "Denial of Service");
     script_dependencie("smb_nativelanman.nasl");
     script_require_keys("SMB/NativeLanManager");
     exit(0);
    }
    
    #
    # The script code starts here
    #
    
    lanman = get_kb_item("SMB/NativeLanManager");
    if("Samba" >< lanman)
    {
     if(ereg(pattern:"Samba 3\.0\.[0-6][^0-9]*$", string:lanman))
      security_warning(139);
    }
    
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_A711DE5C05FA11D9A9B200061BC2AD93.NASL
    description: Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37486
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/37486
    title: FreeBSD : samba3 DoS attack (a711de5c-05fa-11d9-a9b2-00061bc2ad93)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37486);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:36");
    
      script_cve_id("CVE-2004-0807", "CVE-2004-0808");
    
      script_name(english:"FreeBSD : samba3 DoS attack (a711de5c-05fa-11d9-a9b2-00061bc2ad93)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Code found in nmbd and smbd may allow a remote attacker to effectively
    crash the nmbd server or use the smbd server to exhaust the system
    memory."
      );
      # http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?60f5a02b"
      );
      # https://vuxml.freebsd.org/freebsd/a711de5c-05fa-11d9-a9b2-00061bc2ad93.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5cc31b3c"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"samba3<3.0.7")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"samba3>*,1<3.0.7,1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2004-257-01.NASL
    description: New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18757
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18757
    title: Slackware 10.0 / current : samba DoS (SSA:2004-257-01)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2004-257-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(18757);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2004-0807", "CVE-2004-0808");
      script_xref(name:"SSA", value:"2004-257-01");
    
      script_name(english:"Slackware 10.0 / current : samba DoS (SSA:2004-257-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New samba packages are available for Slackware 10.0 and -current.
    These fix two denial of service vulnerabilities reported by iDEFENSE.
    Slackware -current has been upgraded to samba-3.0.7, while the
    samba-3.0.5 included with Slackware 10.0 has been patched to fix these
    issues. Sites running Samba 3.x should upgrade to the new package.
    Versions of Samba before 3.0.x are not affected by these flaws."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372415
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9c63b8a1"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected samba package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    flag = 0;
    if (slackware_check(osver:"10.0", pkgname:"samba", pkgver:"3.0.5", pkgarch:"i486", pkgnum:"3")) flag++;
    
    if (slackware_check(osver:"current", pkgname:"samba", pkgver:"3.0.7", pkgarch:"i486", pkgnum:"1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-467.NASL
    description: Updated samba packages that fix two denial of service vulnerabilities are now available. [Updated 23rd September 2004] Packages have been updated to include the ppc64 packages which were left out of the initial errata. Samba provides file and printer sharing services to SMB/CIFS clients. The Samba team has discovered a denial of service bug in the smbd daemon. A defect in smbd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14801
    published: 2004-09-23
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14801
    title: RHEL 3 : samba (RHSA-2004:467)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200409-16.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200409-16 (Samba: Denial of Service vulnerabilities) There is a defect in smbd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14710
    published: 2004-09-13
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14710
    title: GLSA-200409-16 : Samba: Denial of Service vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_SAMBA_307_1.NASL
    description: The following package needs to be updated: samba3
    last seen: 2016-09-26
    modified: 2004-09-14
    plugin id: 14720
    published: 2004-09-14
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=14720
    title: FreeBSD : samba3 DoS attack (174)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-092.NASL
    description: Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14723
    published: 2004-09-14
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14723
    title: Mandrake Linux Security Advisory : samba (MDKSA-2004:092)

Oval

accepted: 2013-04-29T04:11:48.407-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
family: unix
id: oval:org.mitre.oval:def:11141
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
version: 26

Redhat

advisories:
  rhsa:
    id: RHSA-2004:467
rpms:
  • samba-0:3.0.7-1.3E
  • samba-client-0:3.0.7-1.3E
  • samba-common-0:3.0.7-1.3E
  • samba-debuginfo-0:3.0.7-1.3E
  • samba-swat-0:3.0.7-1.3E