Vulnerabilities > CVE-2004-0808 - Unspecified vulnerability in Samba
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN samba
nessus
Summary
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Nessus
NASL family Denial of Service NASL id SAMBA_ASN1_DOS.NASL description The remote Samba server, according to its version number, is vulnerable to a denial of service. There is a bug in the remote smbd ASN.1 parsing that could allow an attacker to cause a denial of service attack against the remote host by sending a specially crafted ASN.1 packet during the authentication request that could make the newly-spawned smbd process run into an infinite loop. By establishing multiple connections and sending such packets, an attacker could consume all the CPU and memory of the remote host, thus crashing it remotely. Another bug could allow an attacker to crash the remote nmbd process by sending a malformed NetBIOS packet. last seen 2020-06-01 modified 2020-06-02 plugin id 14711 published 2004-09-13 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14711 title Samba < 3.0.7 Multiple Remote DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(14711); script_version ("1.15"); script_cve_id("CVE-2004-0807", "CVE-2004-0808"); script_bugtraq_id(11156); script_name(english:"Samba < 3.0.7 Multiple Remote DoS"); script_set_attribute(attribute:"synopsis", value: "The remote service is vulnerable to a denial of service." ); script_set_attribute(attribute:"description", value: "The remote Samba server, according to its version number, is vulnerable to a denial of service. There is a bug in the remote smbd ASN.1 parsing that could allow an attacker to cause a denial of service attack against the remote host by sending a specially crafted ASN.1 packet during the authentication request that could make the newly-spawned smbd process run into an infinite loop. By establishing multiple connections and sending such packets, an attacker could consume all the CPU and memory of the remote host, thus crashing it remotely. Another bug could allow an attacker to crash the remote nmbd process by sending a malformed NetBIOS packet." ); script_set_attribute(attribute:"solution", value: "Upgrade to Samba 3.0.7." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/13"); script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/13"); script_cvs_date("Date: 2018/07/27 18:38:14"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba"); script_end_attributes(); script_summary(english: "checks samba version"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc."); script_family(english: "Denial of Service"); script_dependencie("smb_nativelanman.nasl"); script_require_keys("SMB/NativeLanManager"); exit(0); } # # The script code starts here # lanman = get_kb_item("SMB/NativeLanManager"); if("Samba" >< lanman) { if(ereg(pattern:"Samba 3\.0\.[0-6][^0-9]*$", string:lanman))security_warning(139); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_A711DE5C05FA11D9A9B200061BC2AD93.NASL description Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory. last seen 2020-06-01 modified 2020-06-02 plugin id 37486 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/37486 title FreeBSD : samba3 DoS attack (a711de5c-05fa-11d9-a9b2-00061bc2ad93) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(37486); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2004-0807", "CVE-2004-0808"); script_name(english:"FreeBSD : samba3 DoS attack (a711de5c-05fa-11d9-a9b2-00061bc2ad93)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory." ); # http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?60f5a02b" ); # https://vuxml.freebsd.org/freebsd/a711de5c-05fa-11d9-a9b2-00061bc2ad93.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5cc31b3c" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:samba3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/02"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"samba3<3.0.7")) flag++; if (pkg_test(save_report:TRUE, pkg:"samba3>*,1<3.0.7,1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-257-01.NASL description New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws. last seen 2020-06-01 modified 2020-06-02 plugin id 18757 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18757 title Slackware 10.0 / current : samba DoS (SSA:2004-257-01) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2004-257-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(18757); script_version("1.15"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2004-0807", "CVE-2004-0808"); script_xref(name:"SSA", value:"2004-257-01"); script_name(english:"Slackware 10.0 / current : samba DoS (SSA:2004-257-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.372415 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9c63b8a1" ); script_set_attribute(attribute:"solution", value:"Update the affected samba package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"10.0", pkgname:"samba", pkgver:"3.0.5", pkgarch:"i486", pkgnum:"3")) flag++; if (slackware_check(osver:"current", pkgname:"samba", pkgver:"3.0.7", pkgarch:"i486", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-467.NASL description Updated samba packages that fix two denial of service vulnerabilities are now available. [Updated 23rd September 2004] Packages have been updated to include the ppc64 packages which were left out of the initial errata. Samba provides file and printer sharing services to SMB/CIFS clients. The Samba team has discovered a denial of service bug in the smbd daemon. A defect in smbd last seen 2020-06-01 modified 2020-06-02 plugin id 14801 published 2004-09-23 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14801 title RHEL 3 : samba (RHSA-2004:467) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200409-16.NASL description The remote host is affected by the vulnerability described in GLSA-200409-16 (Samba: Denial of Service vulnerabilities) There is a defect in smbd last seen 2020-06-01 modified 2020-06-02 plugin id 14710 published 2004-09-13 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14710 title GLSA-200409-16 : Samba: Denial of Service vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_SAMBA_307_1.NASL description The following package needs to be updated: samba3 last seen 2016-09-26 modified 2004-09-14 plugin id 14720 published 2004-09-14 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14720 title FreeBSD : samba3 DoS attack (174) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-092.NASL description Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd last seen 2020-06-01 modified 2020-06-02 plugin id 14723 published 2004-09-14 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14723 title Mandrake Linux Security Advisory : samba (MDKSA-2004:092)
Oval
accepted | 2013-04-29T04:04:50.771-04:00 | ||||||||
class | vulnerability | ||||||||
contributors |
| ||||||||
definition_extensions |
| ||||||||
description | The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | ||||||||
family | unix | ||||||||
id | oval:org.mitre.oval:def:10344 | ||||||||
status | accepted | ||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||
title | The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | ||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
- http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092
- http://www.redhat.com/support/errata/RHSA-2004-467.html
- http://www.trustix.net/errata/2004/0046/
- http://marc.info/?l=bugtraq&m=109509335230495&w=2
- http://marc.info/?l=bugtraq&m=109526231623307&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344