Vulnerabilities > CVE-2004-1154 - Remote Integer Overflow vulnerability in Samba Directory Access Control List

CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
samba
redhat
suse
trustix
critical
nessus

Summary

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. Note that the CVSS v2 score shown above is rated with no privileges required, although this description requires an authenticated user.

Nessus

  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-36.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Mar/10/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107327
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107327
    titleSolaris 10 (sparc) : 119757-36
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares its
    # metadata and then exits, so none of the patch checks further down run here.
    if (description)
    {
      script_id(107327);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/08");
    
      # Three CVEs hang off this single patch revision, so a finding means
      # "patch level too low" and does not say which of the three applies.
      script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888");
    
      script_name(english:"Solaris 10 (sparc) : 119757-36");
      script_summary(english:"Check for patch 119757-36");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 119757-36"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.10: Samba patch.
    Date this patch was last updated by Sun : Mar/10/16"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/119757-36"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 119757-36 or higher");
      # The score is taken from CVE-2004-1154 (see cvss_score_source below).
      # NOTE(review): the vector says Au:N, while the CVE-2004-1154 text describes
      # an authenticated attacker - keep that in mind when prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154");
      # NOTE(review): CWE-264 is the permissions/privileges/access-control
      # category; it does not describe the integer overflow of CVE-2004-1154 and
      # presumably comes from another CVE in the list - confirm.
      script_cwe_id(264);
    
      # Declared as a local check: the logic after this block works from cached
      # host data (showrev output) and does not probe the Samba service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119757");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122675");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146363");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      # patch_publication_date is the date of this patch revision (it matches the
      # "last updated" date in the description); vuln_publication_date is far older.
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # The two KB keys below must be present for the plugin to run;
      # ssh_get_info.nasl is declared as the plugin that has to run first.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
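    # Patch-level check for the Samba packages on Solaris 10 (sparc).
    # Works from the cached `showrev` output in the KB: the run stops through
    # audit() unless the host reports release 5.10, architecture sparc and
    # enabled local checks; only then are the packages compared with 119757-36.
    # This is a patch-level verdict only - nothing here looks at whether smbd
    # is running or reachable.
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    
    # The dot is escaped so that only a literal "<major>.<minor>" release
    # matches; unescaped it would accept any character between the digits.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];   # whole release string, compared with "5.10"
    os_level = os_ver[2];   # minor part, used only in the audit message
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Explicit start value instead of relying on an unassigned variable.
    flag = 0;
    
    # The same check runs for every Samba package, in the original order;
    # a negative result from solaris_check_patch() is counted as a finding.
    foreach samba_pkg (make_list("SUNWsmbaS", "SUNWsmbac", "SUNWsmbar", "SUNWsmbau"))
    {
      if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:samba_pkg, version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
    }
    
    if (flag) {
      # At least one package is below the patch level: report on port 0 with
      # the text collected by the Solaris helper library.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: give the most specific reason available, in this order:
      # patch installed, package present but not affected, package not installed.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      # NOTE(review): the message names SUNWsfman, which is not among the
      # packages checked above - presumably it is part of the patch; confirm.
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau");
    }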
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-37.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Aug/11/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107831
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107831
    titleSolaris 10 (x86) : 119758-37
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares its
    # metadata and then exits, so none of the patch checks further down run here.
    if (description)
    {
      script_id(107831);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/08");
    
      # Three CVEs hang off this single patch revision, so a finding means
      # "patch level too low" and does not say which of the three applies.
      script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888");
    
      script_name(english:"Solaris 10 (x86) : 119758-37");
      script_summary(english:"Check for patch 119758-37");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 119758-37"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.10_x86: Samba patch.
    Date this patch was last updated by Sun : Aug/11/16"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/119758-37"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 119758-37 or higher");
      # The score is taken from CVE-2004-1154 (see cvss_score_source below).
      # NOTE(review): the vector says Au:N, while the CVE-2004-1154 text describes
      # an authenticated attacker - keep that in mind when prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154");
      # NOTE(review): CWE-264 is the permissions/privileges/access-control
      # category; it does not describe the integer overflow of CVE-2004-1154 and
      # presumably comes from another CVE in the list - confirm.
      script_cwe_id(264);
    
      # Declared as a local check: the logic after this block works from cached
      # host data (showrev output) and does not probe the Samba service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119758");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122676");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146364");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      # patch_publication_date is the date of this patch revision (it matches the
      # "last updated" date in the description); vuln_publication_date is far older.
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # The two KB keys below must be present for the plugin to run;
      # ssh_get_info.nasl is declared as the plugin that has to run first.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
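    # Patch-level check for the Samba packages on Solaris 10 (x86).
    # Works from the cached `showrev` output in the KB: the run stops through
    # audit() unless the host reports release 5.10, architecture i386 and
    # enabled local checks; only then are the packages compared with 119758-37.
    # This is a patch-level verdict only - nothing here looks at whether smbd
    # is running or reachable.
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    
    # The dot is escaped so that only a literal "<major>.<minor>" release
    # matches; unescaped it would accept any character between the digits.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];   # whole release string, compared with "5.10"
    os_level = os_ver[2];   # minor part, used only in the audit message
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Explicit start value instead of relying on an unassigned variable.
    flag = 0;
    
    # The same check runs for every Samba package, in the original order;
    # a negative result from solaris_check_patch() is counted as a finding.
    foreach samba_pkg (make_list("SUNWsmbaS", "SUNWsmbac", "SUNWsmbar", "SUNWsmbau"))
    {
      if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:samba_pkg, version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++;
    }
    
    if (flag) {
      # At least one package is below the patch level: report on port 0 with
      # the text collected by the Solaris helper library.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: give the most specific reason available, in this order:
      # patch installed, package present but not affected, package not installed.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      # NOTE(review): the message names SUNWsfman, which is not among the
      # packages checked above - presumably it is part of the patch; confirm.
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau");
    }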
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-30.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Jan/14/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107322
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107322
    titleSolaris 10 (sparc) : 119757-30
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration branch: when `description` is set the plugin only declares its
    # metadata and then exits, so none of the patch checks further down run here.
    if (description)
    {
      script_id(107322);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/08");
    
      # Three CVEs hang off this single patch revision, so a finding means
      # "patch level too low" and does not say which of the three applies.
      script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888");
    
      script_name(english:"Solaris 10 (sparc) : 119757-30");
      script_summary(english:"Check for patch 119757-30");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 119757-30"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.10: Samba patch.
    Date this patch was last updated by Sun : Jan/14/14"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://getupdates.oracle.com/readme/119757-30"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 119757-30 or higher");
      # The score is taken from CVE-2004-1154 (see cvss_score_source below).
      # NOTE(review): the vector says Au:N, while the CVE-2004-1154 text describes
      # an authenticated attacker - keep that in mind when prioritising.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154");
      # NOTE(review): CWE-264 is the permissions/privileges/access-control
      # category; it does not describe the integer overflow of CVE-2004-1154 and
      # presumably comes from another CVE in the list - confirm.
      script_cwe_id(264);
    
      # Declared as a local check: the logic after this block works from cached
      # host data (showrev output) and does not probe the Samba service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119757");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122675");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146363");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      # patch_publication_date is the date of this patch revision (it matches the
      # "last updated" date in the description); vuln_publication_date is far older.
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # The two KB keys below must be present for the plugin to run;
      # ssh_get_info.nasl is declared as the plugin that has to run first.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
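    # Patch-level check for the Samba packages on Solaris 10 (sparc).
    # Works from the cached `showrev` output in the KB: the run stops through
    # audit() unless the host reports release 5.10, architecture sparc and
    # enabled local checks; only then are the packages compared with 119757-30.
    # This is a patch-level verdict only - nothing here looks at whether smbd
    # is running or reachable.
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    
    # The dot is escaped so that only a literal "<major>.<minor>" release
    # matches; unescaped it would accept any character between the digits.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];   # whole release string, compared with "5.10"
    os_level = os_ver[2];   # minor part, used only in the audit message
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Explicit start value instead of relying on an unassigned variable.
    flag = 0;
    
    # The same check runs for every Samba package, in the original order;
    # a negative result from solaris_check_patch() is counted as a finding.
    foreach samba_pkg (make_list("SUNWsmbaS", "SUNWsmbac", "SUNWsmbar", "SUNWsmbau"))
    {
      if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:samba_pkg, version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
    }
    
    if (flag) {
      # At least one package is below the patch level: report on port 0 with
      # the text collected by the Solaris helper library.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: give the most specific reason available, in this order:
      # patch installed, package present but not affected, package not installed.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      # NOTE(review): the message names SUNWsfman, which is not among the
      # packages checked above - presumably it is part of the patch; confirm.
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau");
    }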
    
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-44.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Oct/14/19
    last seen2020-06-01
    modified2020-06-02
    plugin id129869
    published2019-10-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129869
    titleSolaris 10 (sparc) : 119757-44
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-38.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/17/17
    last seen2020-06-01
    modified2020-06-02
    plugin id107329
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107329
    titleSolaris 10 (sparc) : 119757-38
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-36.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Mar/10/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107830
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107830
    titleSolaris 10 (x86) : 119758-36
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2004_045.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2004:045 (samba). The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code. This update adds constraints to the Samba server code which protects it from using values from untrusted sources as operands in arithmetic operations to determine heap memory space needed to copy data. Without these limitations a remote attacker may be able to overflow the heap memory of the process and to overwrite vital information structures which can be abused to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id16304
    published2005-02-03
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16304
    titleSUSE-SA:2004:045: samba
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-43.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17
    last seen2020-06-01
    modified2020-06-02
    plugin id107330
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107330
    titleSolaris 10 (sparc) : 119757-43
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-30.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Jan/14/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107825
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107825
    titleSolaris 10 (x86) : 119758-30
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-31.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Feb/15/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107323
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107323
    titleSolaris 10 (sparc) : 119757-31
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-020.NASL
    descriptionUpdated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs discovered an integer overflow bug in Samba versions prior to 3.0.10. An authenticated remote user could exploit this bug, which could lead to arbitrary code execution on the Samba server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1154 to this issue. Please note that the patch included in RHSA-2004:681 was incomplete and may not have fixed CVE-2004-1154. These packages contain a complete fix for CVE-2004-1154 along with some additional checks to mitigate similar issues in the future. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16110
    published2005-01-06
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16110
    titleRHEL 2.1 : samba (RHSA-2005:020)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-681.NASL
    descriptionUpdated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in Samba versions prior to 3.0.10. An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the Samba server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1154 to this issue. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16040
    published2004-12-23
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16040
    titleRHEL 2.1 : samba (RHSA-2004:681)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3B3676BE52E111D9A9E70001020EED82.NASL
    descriptionGreg MacManus, iDEFENSE Labs reports : Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. Successful remote exploitation allows an attacker to gain root privileges on a vulnerable system. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs.
    last seen2020-06-01
    modified2020-06-02
    plugin id18904
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18904
    titleFreeBSD : samba -- integer overflow vulnerability (3b3676be-52e1-11d9-a9e7-0001020eed82)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-33.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Sep/13/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107325
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107325
    titleSolaris 10 (sparc) : 119757-33
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-158.NASL
    descriptionRemote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs. The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id16065
    published2004-12-28
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16065
    titleMandrake Linux Security Advisory : samba (MDKSA-2004:158)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-33.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Sep/13/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107828
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107828
    titleSolaris 10 (x86) : 119758-33
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-561.NASL
    description - Fri Dec 17 2004 Jay Fenlason <fenlason at redhat.com> 3.0.10-1.fc2 - New upstream release that closes CVE-2004-1154 bz#142544 - Include the -64bit patch from Nalin. This closes bz#142873 - Update the -logfiles patch to work with 3.0.10 - Create /var/run/winbindd and make it part of the -common rpm to close bz#142242 - move /var/log/samba to -common Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16026
    published2004-12-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16026
    titleFedora Core 2 : samba-3.0.10-1.fc2 (2004-561)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-37.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Aug/11/16
    last seen2020-06-01
    modified2020-06-02
    plugin id107328
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107328
    titleSolaris 10 (sparc) : 119757-37
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-32.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : May/17/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107827
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107827
    titleSolaris 10 (x86) : 119758-32
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-701.NASL
    descriptionIt has been discovered that the last security update for Samba, a LanManager like file and printer server for GNU/Linux and Unix-like systems caused the daemon to crash upon reload. This has been fixed. For reference below is the original advisory text : Greg MacManus discovered an integer overflow in the smb daemon from Samba, a LanManager like file and printer server for GNU/Linux and Unix-like systems. Requesting a very large number of access control descriptors from the server could exploit the integer overflow, which may result in a buffer overflow which could lead to the execution of arbitrary code with root privileges. Upstream developers have discovered more possible integer overflows that are fixed with this update as well.
    last seen2020-06-01
    modified2020-06-02
    plugin id17664
    published2005-04-01
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17664
    titleDebian DSA-701-2 : samba - integer overflows
  • NASL familyGain a shell remotely
    NASL idSAMBA_DACL_OVERFLOW.NASL
    descriptionThe remote Samba server, according to its version number, is vulnerable to a remote buffer overrun resulting from an integer overflow vulnerability. To exploit this flaw, an attacker would need to send to the remote host a malformed packet containing hundreds of thousands of ACLs, which would in turn cause an integer overflow resulting in an undersized buffer being allocated. An attacker needs a valid account or enough credentials to exploit this flaw.
    last seen2020-06-01
    modified2020-06-02
    plugin id15985
    published2004-12-16
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15985
    titleSamba smbd Security Descriptor Parsing Remote Overflow
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-670.NASL
    descriptionUpdated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 3. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in Samba versions prior to 3.0.10. An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the Samba server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1154 to this issue. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id15992
    published2004-12-17
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15992
    titleRHEL 3 : samba (RHSA-2004:670)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-38.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Apr/17/17
    last seen2020-06-01
    modified2020-06-02
    plugin id107832
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107832
    titleSolaris 10 (x86) : 119758-38
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-32.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : May/17/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107324
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107324
    titleSolaris 10 (sparc) : 119757-32
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-44.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Oct/14/19
    last seen2020-06-01
    modified2020-06-02
    plugin id129873
    published2019-10-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129873
    titleSolaris 10 (x86) : 119758-44
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119757 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id19204
    published2005-07-14
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=19204
    titleSolaris 10 (sparc) : 119757-43 (deprecated)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200412-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200412-13 (Samba: Integer overflow) Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact : A remote attacker may be able to execute arbitrary code with the permissions of the user running Samba, which could be the root user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id15997
    published2004-12-19
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15997
    titleGLSA-200412-13 : Samba: Integer overflow
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-31.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Feb/15/14
    last seen2020-06-01
    modified2020-06-02
    plugin id107826
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107826
    titleSolaris 10 (x86) : 119758-31
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-34.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Apr/13/15
    last seen2020-06-01
    modified2020-06-02
    plugin id107829
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107829
    titleSolaris 10 (x86) : 119758-34
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-41-1.NASL
    descriptionGreg MacManus discovered an integer overflow in Samba
    last seen2020-06-01
    modified2020-06-02
    plugin id20658
    published2006-01-15
    reporterUbuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20658
    titleUbuntu 4.10 : samba vulnerability (USN-41-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-562.NASL
    descriptionFri Dec 17 2004 Jay Fenlason <fenlason at redhat.com> 3.0.10-1.fc3
      - New upstream release that closes CVE-2004-1154 bz#142544
      - Include the -64bit patch from Nalin. This closes bz#142873
      - Update the -logfiles patch to work with 3.0.10
      - Create /var/run/winbindd and make it part of the -common rpm to close bz#142242
      Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16027
    published2004-12-23
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16027
    titleFedora Core 3 : samba-3.0.10-1.fc3 (2004-562)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17. This plugin has been deprecated and either replaced with individual 119758 patch-revision plugins, or deemed non-security related.
    last seen2019-02-21
    modified2018-07-30
    plugin id19207
    published2005-07-14
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=19207
    titleSolaris 10 (x86) : 119758-43 (deprecated)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_X86_119758-43.NASL
    descriptionSunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17
    last seen2020-06-01
    modified2020-06-02
    plugin id107833
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107833
    titleSolaris 10 (x86) : 119758-43
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_119757-34.NASL
    descriptionSunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/13/15
    last seen2020-06-01
    modified2020-06-02
    plugin id107326
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107326
    titleSolaris 10 (sparc) : 119757-34

Oval

  • accepted2013-04-29T04:03:51.464-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    descriptionInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
    familyunix
    idoval:org.mitre.oval:def:10236
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
    version26
  • accepted2006-03-09T12:19:00.000-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    descriptionInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
    familyunix
    idoval:org.mitre.oval:def:1459
    statusaccepted
    submitted2006-01-13T02:24:00.000-04:00
    titleHP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01)
    version36
  • accepted2010-09-20T04:00:33.713-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJonathan Baker
      organizationThe MITRE Corporation
    descriptionInteger overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
    familyunix
    idoval:org.mitre.oval:def:642
    statusaccepted
    submitted2006-01-13T02:24:00.000-04:00
    titleHP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.02)
    version37

Redhat

advisories
rhsa
idRHSA-2005:020
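rpms (as listed for this advisory; the upstream version 3.0.9 in these package names falls inside the affected range given in the summary, so compare the full package release string with the advisory rather than relying on the upstream version alone)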
  • samba-0:3.0.9-1.3E.1
  • samba-client-0:3.0.9-1.3E.1
  • samba-common-0:3.0.9-1.3E.1
  • samba-debuginfo-0:3.0.9-1.3E.1
  • samba-swat-0:3.0.9-1.3E.1