ID CVE-2004-0807
Summary Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
Vulnerable Configurations
  • Samba 3.0.0
    cpe:2.3:a:samba:samba:3.0.0
  • Samba 3.0.1
    cpe:2.3:a:samba:samba:3.0.1
  • Samba 3.0.2
    cpe:2.3:a:samba:samba:3.0.2
  • Samba 3.0.2a
    cpe:2.3:a:samba:samba:3.0.2a
  • Samba 3.0.3
    cpe:2.3:a:samba:samba:3.0.3
  • Samba 3.0.4
    cpe:2.3:a:samba:samba:3.0.4
  • Samba 3.0.4 release candidate 1
    cpe:2.3:a:samba:samba:3.0.4:rc1
  • Samba 3.0.5
    cpe:2.3:a:samba:samba:3.0.5
  • Samba 3.0.6
    cpe:2.3:a:samba:samba:3.0.6
  • cpe:2.3:a:sgi:samba:3.0:-:irix
    cpe:2.3:a:sgi:samba:3.0:-:irix
  • cpe:2.3:a:sgi:samba:3.0.1:-:irix
    cpe:2.3:a:sgi:samba:3.0.1:-:irix
  • cpe:2.3:a:sgi:samba:3.0.2:-:irix
    cpe:2.3:a:sgi:samba:3.0.2:-:irix
  • cpe:2.3:a:sgi:samba:3.0.3:-:irix
    cpe:2.3:a:sgi:samba:3.0.3:-:irix
  • cpe:2.3:a:sgi:samba:3.0.4:-:irix
    cpe:2.3:a:sgi:samba:3.0.4:-:irix
  • cpe:2.3:a:sgi:samba:3.0.5:-:irix
    cpe:2.3:a:sgi:samba:3.0.5:-:irix
  • cpe:2.3:a:sgi:samba:3.0.6:-:irix
    cpe:2.3:a:sgi:samba:3.0.6:-:irix
  • Conectiva Linux 9.0
    cpe:2.3:o:conectiva:linux:9.0
  • Conectiva Linux 10.0
    cpe:2.3:o:conectiva:linux:10.0
  • MandrakeSoft Mandrake Linux 10.0
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
  • cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
    cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:-:amd64
  • cpe:2.3:o:suse:suse_linux:8:-:enterprise_server
    cpe:2.3:o:suse:suse_linux:8:-:enterprise_server
  • SuSE SuSE Linux 8.1
    cpe:2.3:o:suse:suse_linux:8.1
  • SuSE SuSE Linux 8.2
    cpe:2.3:o:suse:suse_linux:8.2
  • SuSE SuSE Linux 9.0
    cpe:2.3:o:suse:suse_linux:9.0
  • cpe:2.3:o:suse:suse_linux:9.0:-:enterprise_server
    cpe:2.3:o:suse:suse_linux:9.0:-:enterprise_server
  • cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
    cpe:2.3:o:suse:suse_linux:9.0:-:x86_64
  • SuSE SuSE Linux 9.1
    cpe:2.3:o:suse:suse_linux:9.1
CVSS
Base: 5.0 (as of 15-06-2005 - 13:18)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability PARTIAL
nessus via4
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-257-01.NASL
    description New samba packages are available for Slackware 10.0 and -current. These fix two denial of service vulnerabilities reported by iDEFENSE. Slackware -current has been upgraded to samba-3.0.7, while the samba-3.0.5 included with Slackware 10.0 has been patched to fix these issues. Sites running Samba 3.x should upgrade to the new package. Versions of Samba before 3.0.x are not affected by these flaws.
    last seen 2019-02-21
    modified 2013-06-01
    plugin id 18757
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18757
    title Slackware 10.0 / current : samba DoS (SSA:2004-257-01)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A711DE5C05FA11D9A9B200061BC2AD93.NASL
    description Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37486
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37486
    title FreeBSD : samba3 DoS attack (a711de5c-05fa-11d9-a9b2-00061bc2ad93)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200409-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200409-16 (Samba: Denial of Service vulnerabilities) There is a defect in smbd's ASN.1 parsing. A bad packet received during the authentication request could throw newly-spawned smbd processes into an infinite loop (CAN-2004-0807). Another defect was found in nmbd's processing of mailslot packets, where a bad NetBIOS request could crash the nmbd process (CAN-2004-0808). Impact : A remote attacker could send specially crafted packets to trigger both defects. The ASN.1 parsing issue can be exploited to exhaust all available memory on the Samba host, potentially denying all service to that server. The nmbd issue can be exploited to crash the nmbd process, resulting in a Denial of Service condition on the Samba server. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 14710
    published 2004-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14710
    title GLSA-200409-16 : Samba: Denial of Service vulnerabilities
  • NASL family Denial of Service
    NASL id SAMBA_ASN1_DOS.NASL
    description The remote Samba server, according to its version number, is vulnerable to a denial of service. There is a bug in the remote smbd ASN.1 parsing that could allow an attacker to cause a denial of service attack against the remote host by sending a specially crafted ASN.1 packet during the authentication request that could make the newly-spawned smbd process run into an infinite loop. By establishing multiple connections and sending such packets, an attacker could consume all the CPU and memory of the remote host, thus crashing it remotely. Another bug could allow an attacker to crash the remote nmbd process by sending a malformed NetBIOS packet.
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 14711
    published 2004-09-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14711
    title Samba < 3.0.7 Multiple Remote DoS
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-467.NASL
    description Updated samba packages that fix two denial of service vulnerabilities are now available. [Updated 23rd September 2004] Packages have been updated to include the ppc64 packages which were left out of the initial errata. Samba provides file and printer sharing services to SMB/CIFS clients. The Samba team has discovered a denial of service bug in the smbd daemon. A defect in smbd's ASN.1 parsing allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. Given enough of these packets, it is possible to exhaust the available memory on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0807 to this issue. Additionally the Samba team has also discovered a denial of service bug in the nmbd daemon. It is possible that an attacker could send a specially crafted UDP packet which could allow the attacker to anonymously crash nmbd. This issue only affects nmbd daemons which are configured to process domain logons. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0808 to this issue. Users of Samba should upgrade to these updated packages, which contain an upgrade to Samba-3.0.7, which is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 14801
    published 2004-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14801
    title RHEL 3 : samba (RHSA-2004:467)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-092.NASL
    description Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd's ASN.1 parsing that allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. As a result, it is possible to use up all available memory on the server. The second vulnerability is in nmbd's processing of mailslot packets which could allow an attacker to anonymously crash nmbd. The provided packages are patched to protect against these two vulnerabilities.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14723
    published 2004-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14723
    title Mandrake Linux Security Advisory : samba (MDKSA-2004:092)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_SAMBA_307_1.NASL
    description The following package needs to be updated: samba3
    last seen 2016-09-26
    modified 2004-09-14
    plugin id 14720
    published 2004-09-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14720
    title FreeBSD : samba3 DoS attack (174)
oval via4
accepted 2013-04-29T04:11:48.407-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
family unix
id oval:org.mitre.oval:def:11141
status accepted
submitted 2010-07-09T03:56:16-04:00
title Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
version 23
redhat via4
advisories
rhsa
id RHSA-2004:467
refmap via4
bugtraq
  • 20040913 Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808)
  • 20040915 [OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba)
conectiva CLA-2004:873
gentoo GLSA-200409-16
idefense 20040913 Samba 3.x SMBD Remote Denial of Service Vulnerability
mandrake MDKSA-2004:092
sgi 20041201-01-P
trustix 2004-0046
Last major update 17-10-2016 - 22:49
Published 13-09-2004 - 00:00
Last modified 10-10-2017 - 21:29