Vulnerabilities > CVE-2004-0930 - Remote Wild Card Denial Of Service vulnerability in Samba
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 | |
| Application | 8 | |
| OS | 1 | |
| OS | 1 | |
| OS | 14 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_SAMBA_308.NASL description The following package needs to be updated: samba last seen 2016-09-26 modified 2004-11-23 plugin id 15811 published 2004-11-23 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=15811 title FreeBSD : samba -- potential remote DoS vulnerability (175) code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated by freebsd_pkg_ba13dc13340d11d9ac1b000d614f7fad.nasl. # # Disabled on 2011/10/02. # # # (C) Tenable Network Security, Inc. # # This script contains information extracted from VuXML : # # Copyright 2003-2006 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # include('compat.inc'); if ( description ) { script_id(15811); script_version("1.9"); script_cve_id("CVE-2004-0930"); script_name(english:"FreeBSD : samba -- potential remote DoS vulnerability (175)"); script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update'); script_set_attribute(attribute:'description', value:'The following package needs to be updated: samba'); script_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P'); script_set_attribute(attribute:'solution', value: 'Update the package on the remote host'); script_set_attribute(attribute: 'see_also', value: 'http://mozillanews.org/?article_date=2004-12-08+06-48-46 http://secunia.com/advisories/13129/ http://secunia.com/advisories/13253/ http://secunia.com/advisories/13254/ http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ http://us4.samba.org/samba/security/CAN-2004-0930.html http://www.igniterealtime.org/issues/browse/JM-1289 http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html http://www.pdc.kth.se/heimdal/advisory/2005-04-20 https://bugzilla.mozilla.org/show_bug.cgi?id=103638 https://bugzilla.mozilla.org/show_bug.cgi?id=273699'); script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/ba13dc13-340d-11d9-ac1b-000d614f7fad.html'); script_set_attribute(attribute:"plugin_publication_date", value: "2004/11/23"); script_end_attributes(); script_summary(english:"Check for samba"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); family["english"] = "FreeBSD Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/FreeBSD/pkg_info"); exit(0); } # Deprecated. exit(0, "This plugin has been deprecated. Refer to plugin #36259 (freebsd_pkg_ba13dc13340d11d9ac1b000d614f7fad.nasl) instead."); global_var cvss_score; cvss_score=5; include('freebsd_package.inc'); pkg_test(pkg:"samba>3.*<3.0.8"); pkg_test(pkg:"samba>3.*,1<3.0.8,1");NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-36.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Mar/10/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107327 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107327 title Solaris 10 (sparc) : 119757-36 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107327); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888"); script_name(english:"Solaris 10 (sparc) : 119757-36"); script_summary(english:"Check for patch 119757-36"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 119757-36" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Mar/10/16" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119757-36" ); script_set_attribute(attribute:"solution", value:"Install patch 119757-36 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119757"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122675"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146363"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbaS", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbac", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbar", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbau", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-37.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Aug/11/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107831 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107831 title Solaris 10 (x86) : 119758-37 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107831); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888"); script_name(english:"Solaris 10 (x86) : 119758-37"); script_summary(english:"Check for patch 119758-37"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 119758-37" ); script_set_attribute( attribute:"description", value: "SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Aug/11/16" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119758-37" ); script_set_attribute(attribute:"solution", value:"Install patch 119758-37 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119758"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122676"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146364"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbaS", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbac", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbar", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++; if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbau", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-30.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Jan/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107322 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107322 title Solaris 10 (sparc) : 119757-30 code # # (C) Tenable Network Security, Inc. # # The descriptive text in this plugin was # extracted from the Oracle SunOS Patch Updates. # include("compat.inc"); if (description) { script_id(107322); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888"); script_name(english:"Solaris 10 (sparc) : 119757-30"); script_summary(english:"Check for patch 119757-30"); script_set_attribute( attribute:"synopsis", value:"The remote host is missing Sun Security Patch number 119757-30" ); script_set_attribute( attribute:"description", value: "SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Jan/14/14" ); script_set_attribute( attribute:"see_also", value:"https://getupdates.oracle.com/readme/119757-30" ); script_set_attribute(attribute:"solution", value:"Install patch 119757-30 or higher"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154"); script_cwe_id(264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119757"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122675"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146363"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); showrev = get_kb_item("Host/Solaris/showrev"); if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris"); os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev); if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris"); full_ver = os_ver[1]; os_level = os_ver[2]; if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level); package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev); if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH); package_arch = package_arch[1]; if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbaS", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbac", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbar", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbau", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : solaris_get_report() ); } else { patch_fix = solaris_patch_fix_get(); if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10"); tested = solaris_pkg_tests_get(); if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau"); }NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-44.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Oct/14/19 last seen 2020-06-01 modified 2020-06-02 plugin id 129869 published 2019-10-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129869 title Solaris 10 (sparc) : 119757-44 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-38.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/17/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107329 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107329 title Solaris 10 (sparc) : 119757-38 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-36.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Mar/10/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107830 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107830 title Solaris 10 (x86) : 119758-36 NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_BA13DC13340D11D9AC1B000D614F7FAD.NASL description Karol Wiesek at iDEFENSE reports : A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. Although samba.org classifies this as a DoS vulnerability, several members of the security community believe it may be exploitable for arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 36259 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36259 title FreeBSD : samba -- potential remote DoS vulnerability (ba13dc13-340d-11d9-ac1b-000d614f7fad) NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-43.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107330 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107330 title Solaris 10 (sparc) : 119757-43 NASL family Fedora Local Security Checks NASL id FEDORA_2004-460.NASL description This update closes two security holes: CVE-2004-0882 and CVE-2004-0930. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15848 published 2004-11-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15848 title Fedora Core 3 : samba-3.0.9-1.fc3 (2004-460) NASL family Fedora Local Security Checks NASL id FEDORA_2004-459.NASL description This update closes two security holes: CVE-2004-0882 and CVE-2004-0930 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15847 published 2004-11-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15847 title Fedora Core 2 : samba-3.0.9-1.fc2 (2004-459) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-30.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Jan/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107825 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107825 title Solaris 10 (x86) : 119758-30 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-31.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Feb/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107323 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107323 title Solaris 10 (sparc) : 119757-31 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-22-1.NASL description Karol Wiesek discovered a Denial of Service vulnerability in samba. A flaw in the input validation routines used to match filename strings containing wildcard characters may allow a remote user to consume more than normal amounts of CPU resources, thus impacting the performance and response of the server. In some circumstances the server can become entirely unresponsive. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20637 published 2006-01-15 reporter Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20637 title Ubuntu 4.10 : samba vulnerability (USN-22-1) NASL family Misc. NASL id SAMBA_WILDCARD.NASL description The remote Samba server, according to its version number, is affected by a remote denial of service vulnerability as well as a buffer overflow. The Wild Card DoS vulnerability may allow an attacker to make the remote server consume excessive CPU cycles. The QFILEPATHINFO Remote buffer overflow vulnerability may allow an attacker to execute code on the server. An attacker needs a valid account or enough credentials to exploit those flaws. last seen 2020-06-01 modified 2020-06-02 plugin id 15705 published 2004-11-13 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15705 title Samba Multiple Remote Vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-33.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Sep/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107325 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107325 title Solaris 10 (sparc) : 119757-33 NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200411-21.NASL description The remote host is affected by the vulnerability described in GLSA-200411-21 (Samba: Multiple vulnerabilities) Samba fails to do proper bounds checking when handling TRANSACT2_QFILEPATHINFO replies. Additionally an input validation flaw exists in ms_fnmatch.c when matching filenames that contain wildcards. Impact : An attacker may be able to execute arbitrary code with the permissions of the user running Samba. A remote attacker may also be able to cause an abnormal consumption of CPU resources, resulting in slower performance of the server or even a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15696 published 2004-11-13 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15696 title GLSA-200411-21 : Samba: Multiple vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-33.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Sep/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107828 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107828 title Solaris 10 (x86) : 119758-33 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-131.NASL description Karol Wiesek discovered a bug in the input validation routines in Samba 3.x used to match filename strings containing wildcard characters. This bug may allow a user to consume more than normal amounts of CPU cycles which would impact the performance and response of the server. In some cases it could also cause the server to become entirely unresponsive. The updated packages are patched to prevent this problem with patches from the Samba team. This vulnerability is fixed in samba 3.0.8. last seen 2020-06-01 modified 2020-06-02 plugin id 15699 published 2004-11-13 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15699 title Mandrake Linux Security Advisory : samba (MDKSA-2004:131) NASL family SuSE Local Security Checks NASL id SUSE_SA_2004_040.NASL description The remote host is missing the patch for the advisory SUSE-SA:2004:040 (samba). There is a problem in the Samba file sharing service daemon, which allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded filenames. This attack can be successful if the Samba daemon is running and a remote user has access to a share (even read only). The Samba team has issued the new Samba version 3.0.8 to fix this problem, this update backports the relevant patch. This issue has been assigned the Mitre CVE ID CVE-2004-0930. Stefan Esser found a problem in the Unicode string handling in the Samba file handling which could lead to a remote heap buffer overflow and might allow remote attackers to inject code in the smbd process. This issue has been assigned the Mitre CVE ID CVE-2004-0882. We provide updated packages for both these problems. The Samba version 2 packages are not affected by this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 15726 published 2004-11-16 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15726 title SUSE-SA:2004:040: samba NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-37.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Aug/11/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107328 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107328 title Solaris 10 (sparc) : 119757-37 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-32.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : May/17/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107827 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107827 title Solaris 10 (x86) : 119758-32 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-38.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Apr/17/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107832 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107832 title Solaris 10 (x86) : 119758-38 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-32.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : May/17/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107324 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107324 title Solaris 10 (sparc) : 119757-32 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-44.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Oct/14/19 last seen 2020-06-01 modified 2020-06-02 plugin id 129873 published 2019-10-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129873 title Solaris 10 (x86) : 119758-44 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119757 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 19204 published 2005-07-14 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=19204 title Solaris 10 (sparc) : 119757-43 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-31.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Feb/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107826 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107826 title Solaris 10 (x86) : 119758-31 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-632.NASL description Updated samba packages that fix various security vulnerabilities are now available. Samba provides file and printer sharing services to SMB/CIFS clients. During a code audit, Stefan Esser discovered a buffer overflow in Samba versions prior to 3.0.8 when handling unicode filenames. An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0882 to this issue. Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to remotely exploit this vulnerability on x86 architectures. Additionally, a bug was found in the input validation routines in versions of Samba prior to 3.0.8 that caused the smbd process to consume abnormal amounts of system memory. An authenticated remote user could exploit this bug to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0930 to this issue. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15741 published 2004-11-17 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15741 title RHEL 2.1 / 3 : samba (RHSA-2004:632) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-34.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Apr/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107829 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107829 title Solaris 10 (x86) : 119758-34 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119758 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 19207 published 2005-07-14 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=19207 title Solaris 10 (x86) : 119758-43 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-43.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107833 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107833 title Solaris 10 (x86) : 119758-43 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-34.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107326 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107326 title Solaris 10 (sparc) : 119757-34
Oval
| accepted | 2013-04-29T04:10:05.595-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:10936 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | ||||||||
| version | 27 |
Redhat
| rpms |
|
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
- ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
- http://marc.info/?l=bugtraq&m=109993720717957&w=2
- http://marc.info/?l=bugtraq&m=110330519803655&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1
- http://www.gentoo.org/security/en/glsa/glsa-200411-21.xml
- http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:131
- http://www.novell.com/linux/security/advisories/2004_40_samba.html
- http://www.securityfocus.com/bid/11624
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17987
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936
- https://www.ubuntu.com/usn/usn-22-1/