Vulnerabilities > CVE-2004-1154 - Remote Integer Overflow vulnerability in Samba Directory Access Control List
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Summary
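Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. Note that this summary requires an authenticated user, while the metrics listed above give "Privileges required" as NONE; the advisories quoted further down likewise state that the attacker needs credentials that allow access to a share, so account for that precondition when assessing exposure.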
Vulnerable Configurations
Nessus
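NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-36.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Mar/10/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107327 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107327 title Solaris 10 (sparc) : 119757-36 code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
# Reviewer summary: local, credentialed patch-level check for Solaris 10
# (sparc). It reads the cached `showrev` output from the knowledge base and
# asks solaris_check_patch() whether patch 119757-36 is applied to the four
# Samba packages. Nothing in this script talks to smbd itself, so a finding
# means "patch missing", not "service confirmed exploitable".
#
include("compat.inc");

if (description)
{
  # Registration pass: only metadata is declared here; exit(0) at the end of
  # this branch returns before any check logic runs.
  script_id(107327);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/08");

  # One patch, three CVEs: a hit from this plugin does not single out
  # CVE-2004-1154, it only says the host lacks the cumulative Samba patch.
  script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888");

  script_name(english:"Solaris 10 (sparc) : 119757-36");
  script_summary(english:"Check for patch 119757-36");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 119757-36"
  );
  script_set_attribute(
    attribute:"description",
    value:
"SunOS 5.10: Samba patch. 
Date this patch was last updated by Sun : Mar/10/16"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/119757-36"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 119757-36 or higher");

  # NOTE(review): the vector is sourced from CVE-2004-1154 (see
  # cvss_score_source) and carries Au:N, although that CVE's description
  # speaks of remote *authenticated* users. Weigh the score accordingly.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154");

  # NOTE(review): CWE-264 is the broad "Permissions, Privileges, and Access
  # Controls" category; the flaw described for CVE-2004-1154 is an integer
  # overflow. Presumably the label is inherited from the feed; do not use it
  # for root-cause classification without confirming.
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119757");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122675");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146363");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  # The check depends on data collected over SSH by ssh_get_info.nasl; without
  # the two keys below the scanner will not schedule this plugin, so an
  # uncredentialed scan produces no result for it (neither finding nor pass).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# --- Applicability gates: OS release, then architecture, then credentials ---
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# The '.' in the pattern is unescaped and so matches any character; this is
# harmless here because full_ver is compared with the literal "5.10" below.
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# --- Patch check, one call per Samba package ---
# Start from a known value rather than relying on an unset variable being
# treated as zero by the increments below.
flag = 0;

# A negative return is counted as "affected"; presumably it means the package
# is installed without the patch -- confirm against solaris.inc.
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbaS", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbac", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbar", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-36", obsoleted_by:"", package:"SUNWsmbau", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;

if (flag) {
  # At least one package is below the patch level: report against port 0
  # (host-level finding) with the detail text built by solaris.inc.
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : solaris_get_report()
  );
}
else {
  # Not affected: pick the most specific audit reason available.
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");

  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);

  # NOTE(review): SUNWsfman is named in this message but is not among the
  # packages tested above.
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau");
}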
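NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-37.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Aug/11/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107831 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107831 title Solaris 10 (x86) : 119758-37 code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
# Reviewer summary: local, credentialed patch-level check for Solaris 10
# (x86). It reads the cached `showrev` output from the knowledge base and
# asks solaris_check_patch() whether patch 119758-37 is applied to the four
# Samba packages. Nothing in this script talks to smbd itself, so a finding
# means "patch missing", not "service confirmed exploitable".
#
include("compat.inc");

if (description)
{
  # Registration pass: only metadata is declared here; exit(0) at the end of
  # this branch returns before any check logic runs.
  script_id(107831);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/08");

  # One patch, three CVEs: a hit from this plugin does not single out
  # CVE-2004-1154, it only says the host lacks the cumulative Samba patch.
  script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888");

  script_name(english:"Solaris 10 (x86) : 119758-37");
  script_summary(english:"Check for patch 119758-37");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 119758-37"
  );
  script_set_attribute(
    attribute:"description",
    value:
"SunOS 5.10_x86: Samba patch. 
Date this patch was last updated by Sun : Aug/11/16"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/119758-37"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 119758-37 or higher");

  # NOTE(review): the vector is sourced from CVE-2004-1154 (see
  # cvss_score_source) and carries Au:N, although that CVE's description
  # speaks of remote *authenticated* users. Weigh the score accordingly.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154");

  # NOTE(review): CWE-264 is the broad "Permissions, Privileges, and Access
  # Controls" category; the flaw described for CVE-2004-1154 is an integer
  # overflow. Presumably the label is inherited from the feed; do not use it
  # for root-cause classification without confirming.
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119758");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122676");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146364");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  # The check depends on data collected over SSH by ssh_get_info.nasl; without
  # the two keys below the scanner will not schedule this plugin, so an
  # uncredentialed scan produces no result for it (neither finding nor pass).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# --- Applicability gates: OS release, then architecture, then credentials ---
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# The '.' in the pattern is unescaped and so matches any character; this is
# harmless here because full_ver is compared with the literal "5.10" below.
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# --- Patch check, one call per Samba package ---
# Start from a known value rather than relying on an unset variable being
# treated as zero by the increments below.
flag = 0;

# A negative return is counted as "affected"; presumably it means the package
# is installed without the patch -- confirm against solaris.inc.
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbaS", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbac", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbar", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++;
if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"119758-37", obsoleted_by:"", package:"SUNWsmbau", version:"11.10.0,REV=2005.01.08.01.09") < 0) flag++;

if (flag) {
  # At least one package is below the patch level: report against port 0
  # (host-level finding) with the detail text built by solaris.inc.
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : solaris_get_report()
  );
}
else {
  # Not affected: pick the most specific audit reason available.
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");

  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);

  # NOTE(review): SUNWsfman is named in this message but is not among the
  # packages tested above.
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau");
}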
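NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-30.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Jan/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107322 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107322 title Solaris 10 (sparc) : 119757-30 code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
# Reviewer summary: local, credentialed patch-level check for Solaris 10
# (sparc). It reads the cached `showrev` output from the knowledge base and
# asks solaris_check_patch() whether patch 119757-30 is applied to the four
# Samba packages. Nothing in this script talks to smbd itself, so a finding
# means "patch missing", not "service confirmed exploitable".
#
include("compat.inc");

if (description)
{
  # Registration pass: only metadata is declared here; exit(0) at the end of
  # this branch returns before any check logic runs.
  script_id(107322);
  script_version("1.4");
  script_cvs_date("Date: 2020/01/08");

  # One patch, three CVEs: a hit from this plugin does not single out
  # CVE-2004-1154, it only says the host lacks the cumulative Samba patch.
  script_cve_id("CVE-2004-0930", "CVE-2004-1154", "CVE-2009-1888");

  script_name(english:"Solaris 10 (sparc) : 119757-30");
  script_summary(english:"Check for patch 119757-30");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 119757-30"
  );
  script_set_attribute(
    attribute:"description",
    value:
"SunOS 5.10: Samba patch. 
Date this patch was last updated by Sun : Jan/14/14"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/119757-30"
  );
  script_set_attribute(attribute:"solution", value:"Install patch 119757-30 or higher");

  # NOTE(review): the vector is sourced from CVE-2004-1154 (see
  # cvss_score_source) and carries Au:N, although that CVE's description
  # speaks of remote *authenticated* users. Weigh the score accordingly.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2004-1154");

  # NOTE(review): CWE-264 is the broad "Permissions, Privileges, and Access
  # Controls" category; the flaw described for CVE-2004-1154 is an integer
  # overflow. Presumably the label is inherited from the feed; do not use it
  # for root-cause classification without confirming.
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119757");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122675");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:146363");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Solaris Local Security Checks");

  # The check depends on data collected over SSH by ssh_get_info.nasl; without
  # the two keys below the scanner will not schedule this plugin, so an
  # uncredentialed scan produces no result for it (neither finding nor pass).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("solaris.inc");

# --- Applicability gates: OS release, then architecture, then credentials ---
showrev = get_kb_item("Host/Solaris/showrev");
if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");

# The '.' in the pattern is unescaped and so matches any character; this is
# harmless here because full_ver is compared with the literal "5.10" below.
os_ver = pregmatch(pattern:"Release: (\d+.(\d+))", string:showrev);
if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
full_ver = os_ver[1];
os_level = os_ver[2];
if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);

package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
package_arch = package_arch[1];
if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# --- Patch check, one call per Samba package ---
# Start from a known value rather than relying on an unset variable being
# treated as zero by the increments below.
flag = 0;

# A negative return is counted as "affected"; presumably it means the package
# is installed without the patch -- confirm against solaris.inc.
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbaS", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbac", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbar", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;
if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119757-30", obsoleted_by:"", package:"SUNWsmbau", version:"11.10.0,REV=2005.01.08.05.16") < 0) flag++;

if (flag) {
  # At least one package is below the patch level: report against port 0
  # (host-level finding) with the detail text built by solaris.inc.
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : solaris_get_report()
  );
}
else {
  # Not affected: pick the most specific audit reason available.
  patch_fix = solaris_patch_fix_get();
  if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");

  tested = solaris_pkg_tests_get();
  if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);

  # NOTE(review): SUNWsfman is named in this message but is not among the
  # packages tested above.
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWsfman / SUNWsmbaS / SUNWsmbac / SUNWsmbar / SUNWsmbau");
}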
NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-44.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Oct/14/19 last seen 2020-06-01 modified 2020-06-02 plugin id 129869 published 2019-10-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129869 title Solaris 10 (sparc) : 119757-44 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-38.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/17/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107329 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107329 title Solaris 10 (sparc) : 119757-38 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-36.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Mar/10/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107830 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107830 title Solaris 10 (x86) : 119758-36 NASL family SuSE Local Security Checks NASL id SUSE_SA_2004_045.NASL description The remote host is missing the patch for the advisory SUSE-SA:2004:045 (samba). The Samba developers informed us about several potential integer overflow issues in the Samba 2 and Samba 3 code. This update adds constraints to the Samba server code which protects it from using values from untrusted sources as operands in arithmetic operations to determine heap memory space needed to copy data. Without these limitations a remote attacker may be able to overflow the heap memory of the process and to overwrite vital information structures which can be abused to execute arbitrary code. 
last seen 2020-06-01 modified 2020-06-02 plugin id 16304 published 2005-02-03 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16304 title SUSE-SA:2004:045: samba NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-43.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107330 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107330 title Solaris 10 (sparc) : 119757-43 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-30.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Jan/14/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107825 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107825 title Solaris 10 (x86) : 119758-30 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-31.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Feb/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107323 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107323 title Solaris 10 (sparc) : 119757-31 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-020.NASL description Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs discovered an integer overflow bug in Samba versions prior to 3.0.10. 
An authenticated remote user could exploit this bug, which could lead to arbitrary code execution on the Samba server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1154 to this issue. Please note that the patch included in RHSA-2004:681 was incomplete and may not have fixed CVE-2004-1154. These packages contain a complete fix for CVE-2004-1154 along with some additional checks to mitigate similar issues in the future. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16110 published 2005-01-06 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16110 title RHEL 2.1 : samba (RHSA-2005:020) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-681.NASL description Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1 Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in Samba versions prior to 3.0.10. An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the Samba server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1154 to this issue. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16040 published 2004-12-23 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/16040 title RHEL 2.1 : samba (RHSA-2004:681) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_3B3676BE52E111D9A9E70001020EED82.NASL description Greg MacManus, iDEFENSE Labs reports : Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. Successful remote exploitation allows an attacker to gain root privileges on a vulnerable system. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs. last seen 2020-06-01 modified 2020-06-02 plugin id 18904 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18904 title FreeBSD : samba -- integer overflow vulnerability (3b3676be-52e1-11d9-a9e7-0001020eed82) NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-33.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Sep/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107325 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/107325 title Solaris 10 (sparc) : 119757-33 NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-158.NASL description Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges. In order to exploit this vulnerability an attacker must possess credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts will cause the process serving the request to crash with signal 11, and may leave evidence of an attack in logs. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 16065 published 2004-12-28 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16065 title Mandrake Linux Security Advisory : samba (MDKSA-2004:158) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-33.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Sep/13/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107828 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107828 title Solaris 10 (x86) : 119758-33 NASL family Fedora Local Security Checks NASL id FEDORA_2004-561.NASL description - Fri Dec 17 2004 Jay Fenlason <fenlason at redhat.com> 3.0.10-1.fc2 - New upstream release that closes CVE-2004-1154 bz#142544 - Include the -64bit patch from Nalin. 
This closes bz#142873 - Update the -logfiles patch to work with 3.0.10 - Create /var/run/winbindd and make it part of the -common rpm to close bz#142242 - move /var/log/samba to -common Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16026 published 2004-12-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16026 title Fedora Core 2 : samba-3.0.10-1.fc2 (2004-561) NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-37.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Aug/11/16 last seen 2020-06-01 modified 2020-06-02 plugin id 107328 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107328 title Solaris 10 (sparc) : 119757-37 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-32.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : May/17/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107827 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107827 title Solaris 10 (x86) : 119758-32 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-701.NASL description It has been discovered that the last security update for Samba, a LanManager like file and printer server for GNU/Linux and Unix-like systems caused the daemon to crash upon reload. This has been fixed. 
For reference below is the original advisory text : Greg MacManus discovered an integer overflow in the smb daemon from Samba, a LanManager like file and printer server for GNU/Linux and Unix-like systems. Requesting a very large number of access control descriptors from the server could exploit the integer overflow, which may result in a buffer overflow which could lead to the execution of arbitrary code with root privileges. Upstream developers have discovered more possible integer overflows that are fixed with this update as well. last seen 2020-06-01 modified 2020-06-02 plugin id 17664 published 2005-04-01 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17664 title Debian DSA-701-2 : samba - integer overflows NASL family Gain a shell remotely NASL id SAMBA_DACL_OVERFLOW.NASL description The remote Samba server, according to its version number, is vulnerable to a remote buffer overrun resulting from an integer overflow vulnerability. To exploit this flaw, an attacker would need to send to the remote host a malformed packet containing hundreds of thousands of ACLs, which would in turn cause an integer overflow resulting in a small pointer being allocated. An attacker needs a valid account or enough credentials to exploit this flaw. last seen 2020-06-01 modified 2020-06-02 plugin id 15985 published 2004-12-16 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15985 title Samba smbd Security Descriptor Parsing Remote Overflow NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-670.NASL description Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 3. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in Samba versions prior to 3.0.10. 
An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the Samba server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1154 to this issue. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15992 published 2004-12-17 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15992 title RHEL 3 : samba (RHSA-2004:670) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-38.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Apr/17/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107832 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107832 title Solaris 10 (x86) : 119758-38 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-32.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : May/17/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107324 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107324 title Solaris 10 (sparc) : 119757-32 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-44.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Oct/14/19 last seen 2020-06-01 modified 2020-06-02 plugin id 129873 published 2019-10-15 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/129873 title Solaris 10 (x86) : 119758-44 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119757 patch-revision plugins, or deemed non-security related. last seen 2019-02-21 modified 2018-07-30 plugin id 19204 published 2005-07-14 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=19204 title Solaris 10 (sparc) : 119757-43 (deprecated) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200412-13.NASL description The remote host is affected by the vulnerability described in GLSA-200412-13 (Samba: Integer overflow) Samba contains a bug when unmarshalling specific MS-RPC requests from clients. Impact : A remote attacker may be able to execute arbitrary code with the permissions of the user running Samba, which could be the root user. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15997 published 2004-12-19 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15997 title GLSA-200412-13 : Samba: Integer overflow NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-31.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Feb/15/14 last seen 2020-06-01 modified 2020-06-02 plugin id 107826 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107826 title Solaris 10 (x86) : 119758-31 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-34.NASL description SunOS 5.10_x86: Samba patch. 
Date this patch was last updated by Sun : Apr/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107829 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107829 title Solaris 10 (x86) : 119758-34 NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-41-1.NASL description Greg MacManus discovered an integer overflow in Samba last seen 2020-06-01 modified 2020-06-02 plugin id 20658 published 2006-01-15 reporter Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20658 title Ubuntu 4.10 : samba vulnerability (USN-41-1) NASL family Fedora Local Security Checks NASL id FEDORA_2004-562.NASL description - Fri Dec 17 2004 Jay Fenlason <fenlason at redhat.com> 3.0.10-1.fc3 - New upstream release that closes CVE-2004-1154 bz#142544 - Include the -64bit patch from Nalin. This closes bz#142873 - Update the -logfiles patch to work with 3.0.10 - Create /var/run/winbindd and make it part of the -common rpm to close bz#142242 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 16027 published 2004-12-23 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/16027 title Fedora Core 3 : samba-3.0.10-1.fc3 (2004-562) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119758 patch-revision plugins, or deemed non-security related. 
last seen 2019-02-21 modified 2018-07-30 plugin id 19207 published 2005-07-14 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=19207 title Solaris 10 (x86) : 119758-43 (deprecated) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_119758-43.NASL description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17 last seen 2020-06-01 modified 2020-06-02 plugin id 107833 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107833 title Solaris 10 (x86) : 119758-43 NASL family Solaris Local Security Checks NASL id SOLARIS10_119757-34.NASL description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/13/15 last seen 2020-06-01 modified 2020-06-02 plugin id 107326 published 2018-03-12 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107326 title Solaris 10 (sparc) : 119757-34
Oval
accepted 2013-04-29T04:03:51.464-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. family unix id oval:org.mitre.oval:def:10236 status accepted submitted 2010-07-09T03:56:16-04:00 title Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. version 26

accepted 2006-03-09T12:19:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. family unix id oval:org.mitre.oval:def:1459 status accepted submitted 2006-01-13T02:24:00.000-04:00 title HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01) version 36

accepted 2010-09-20T04:00:33.713-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation
description Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. family unix id oval:org.mitre.oval:def:642 status accepted submitted 2006-01-13T02:24:00.000-04:00 title HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.02) version 37
Redhat
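advisories: (table contents were not captured in this extract; the Red Hat erratum for this CVE is linked under References)
rpms: (table contents were not captured in this extract)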
References
- ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
- http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
- http://secunia.com/advisories/13453/
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1
- http://www.debian.org/security/2005/dsa-701
- http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/226184
- http://www.novell.com/linux/security/advisories/2004_45_samba.html
- http://www.redhat.com/support/errata/RHSA-2005-020.html
- http://www.samba.org/samba/security/CAN-2004-1154.html
- http://www.securityfocus.com/bid/11973
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18519
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642