ID CVE-2004-0930
Summary The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
References
Vulnerable Configurations
  • Samba 3.0.0
    cpe:2.3:a:samba:samba:3.0.0
  • Samba 3.0.3
    cpe:2.3:a:samba:samba:3.0.3
  • Samba 3.0.4
    cpe:2.3:a:samba:samba:3.0.4
  • Samba 3.0.5
    cpe:2.3:a:samba:samba:3.0.5
  • Samba 3.0.6
    cpe:2.3:a:samba:samba:3.0.6
  • Samba 3.0.7
    cpe:2.3:a:samba:samba:3.0.7
  • cpe:2.3:a:sgi:samba:3.0:-:irix
    cpe:2.3:a:sgi:samba:3.0:-:irix
  • cpe:2.3:a:sgi:samba:3.0.1:-:irix
    cpe:2.3:a:sgi:samba:3.0.1:-:irix
  • cpe:2.3:a:sgi:samba:3.0.2:-:irix
    cpe:2.3:a:sgi:samba:3.0.2:-:irix
  • cpe:2.3:a:sgi:samba:3.0.3:-:irix
    cpe:2.3:a:sgi:samba:3.0.3:-:irix
  • cpe:2.3:a:sgi:samba:3.0.4:-:irix
    cpe:2.3:a:sgi:samba:3.0.4:-:irix
  • cpe:2.3:a:sgi:samba:3.0.5:-:irix
    cpe:2.3:a:sgi:samba:3.0.5:-:irix
  • cpe:2.3:a:sgi:samba:3.0.6:-:irix
    cpe:2.3:a:sgi:samba:3.0.6:-:irix
  • cpe:2.3:a:sgi:samba:3.0.7:-:irix
    cpe:2.3:a:sgi:samba:3.0.7:-:irix
  • Conectiva Linux 10.0
    cpe:2.3:o:conectiva:linux:10.0
  • Gentoo Linux
    cpe:2.3:o:gentoo:linux
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:advanced_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:enterprise_server_ia64
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
    cpe:2.3:o:redhat:enterprise_linux:2.1:-:workstation_ia64
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation_server
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • cpe:2.3:o:redhat:fedora_core:core_2.0
    cpe:2.3:o:redhat:fedora_core:core_2.0
  • cpe:2.3:o:redhat:fedora_core:core_3.0
    cpe:2.3:o:redhat:fedora_core:core_3.0
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:ia64
  • cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
    cpe:2.3:o:redhat:linux_advanced_workstation:2.1:-:itanium_processor
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_SAMBA_308.NASL
    description The following package needs to be updated: samba
    last seen 2016-09-26
    modified 2004-11-23
    plugin id 15811
    published 2004-11-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15811
    title FreeBSD : samba -- potential remote DoS vulnerability (175)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SA_2004_040.NASL
    description The remote host is missing the patch for the advisory SUSE-SA:2004:040 (samba). There is a problem in the Samba file sharing service daemon, which allows a remote user to have the service consume lots of computing power and potentially crash the service by querying special wildcarded filenames. This attack can be successful if the Samba daemon is running and a remote user has access to a share (even read only). The Samba team has issued the new Samba version 3.0.8 to fix this problem, this update backports the relevant patch. This issue has been assigned the Mitre CVE ID CVE-2004-0930. Stefan Esser found a problem in the Unicode string handling in the Samba file handling which could lead to a remote heap buffer overflow and might allow remote attackers to inject code in the smbd process. This issue has been assigned the Mitre CVE ID CVE-2004-0882. We provide updated packages for both these problems. The Samba version 2 packages are not affected by this problem.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 15726
    published 2004-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15726
    title SUSE-SA:2004:040: samba
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_BA13DC13340D11D9AC1B000D614F7FAD.NASL
    description Karol Wiesek at iDEFENSE reports : A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters. Although samba.org classifies this as a DoS vulnerability, several members of the security community believe it may be exploitable for arbitrary code execution.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 36259
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36259
    title FreeBSD : samba -- potential remote DoS vulnerability (ba13dc13-340d-11d9-ac1b-000d614f7fad)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-131.NASL
    description Karol Wiesek discovered a bug in the input validation routines in Samba 3.x used to match filename strings containing wildcard characters. This bug may allow a user to consume more than normal amounts of CPU cycles which would impact the performance and response of the server. In some cases it could also cause the server to become entirely unresponsive. The updated packages are patched to prevent this problem with patches from the Samba team. This vulnerability is fixed in samba 3.0.8.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15699
    published 2004-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15699
    title Mandrake Linux Security Advisory : samba (MDKSA-2004:131)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-632.NASL
    description Updated samba packages that fix various security vulnerabilities are now available. Samba provides file and printer sharing services to SMB/CIFS clients. During a code audit, Stefan Esser discovered a buffer overflow in Samba versions prior to 3.0.8 when handling unicode filenames. An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0882 to this issue. Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to remotely exploit this vulnerability on x86 architectures. Additionally, a bug was found in the input validation routines in versions of Samba prior to 3.0.8 that caused the smbd process to consume abnormal amounts of system memory. An authenticated remote user could exploit this bug to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0930 to this issue. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 15741
    published 2004-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15741
    title RHEL 2.1 / 3 : samba (RHSA-2004:632)
  • NASL family Misc.
    NASL id SAMBA_WILDCARD.NASL
    description The remote Samba server, according to its version number, is affected by a remote denial of service vulnerability as well as a buffer overflow. The Wild Card DoS vulnerability may allow an attacker to make the remote server consume excessive CPU cycles. The QFILEPATHINFO Remote buffer overflow vulnerability may allow an attacker to execute code on the server. An attacker needs a valid account or enough credentials to exploit those flaws.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15705
    published 2004-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15705
    title Samba Multiple Remote Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-22-1.NASL
    description Karol Wiesek discovered a Denial of Service vulnerability in samba. A flaw in the input validation routines used to match filename strings containing wildcard characters may allow a remote user to consume more than normal amounts of CPU resources, thus impacting the performance and response of the server. In some circumstances the server can become entirely unresponsive. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-25
    plugin id 20637
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20637
    title Ubuntu 4.10 : samba vulnerability (USN-22-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200411-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200411-21 (Samba: Multiple vulnerabilities) Samba fails to do proper bounds checking when handling TRANSACT2_QFILEPATHINFO replies. Additionally an input validation flaw exists in ms_fnmatch.c when matching filenames that contain wildcards. Impact : An attacker may be able to execute arbitrary code with the permissions of the user running Samba. A remote attacker may also be able to cause an abnormal consumption of CPU resources, resulting in slower performance of the server or even a Denial of Service. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 15696
    published 2004-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15696
    title GLSA-200411-21 : Samba: Multiple vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-32.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : May/17/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107827
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107827
    title Solaris 10 (x86) : 119758-32
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-36.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Mar/10/16
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107327
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107327
    title Solaris 10 (sparc) : 119757-36
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-32.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : May/17/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107324
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107324
    title Solaris 10 (sparc) : 119757-32
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-34.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/13/15
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107326
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107326
    title Solaris 10 (sparc) : 119757-34
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-43.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107833
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107833
    title Solaris 10 (x86) : 119758-43
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-38.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Apr/17/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107832
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107832
    title Solaris 10 (x86) : 119758-38
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-33.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Sep/13/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107828
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107828
    title Solaris 10 (x86) : 119758-33
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119758 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 19207
    published 2005-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19207
    title Solaris 10 (x86) : 119758-43 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-33.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Sep/13/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107325
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107325
    title Solaris 10 (sparc) : 119757-33
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-30.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Jan/14/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107825
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107825
    title Solaris 10 (x86) : 119758-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-36.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Mar/10/16
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107830
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107830
    title Solaris 10 (x86) : 119758-36
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-37.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Aug/11/16
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107831
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107831
    title Solaris 10 (x86) : 119758-37
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-38.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Apr/17/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107329
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107329
    title Solaris 10 (sparc) : 119757-38
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-30.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Jan/14/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107322
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107322
    title Solaris 10 (sparc) : 119757-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-43.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107330
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107330
    title Solaris 10 (sparc) : 119757-43
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-37.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Aug/11/16
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107328
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107328
    title Solaris 10 (sparc) : 119757-37
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757-31.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Feb/15/14
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107323
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107323
    title Solaris 10 (sparc) : 119757-31
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-34.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Apr/13/15
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107829
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107829
    title Solaris 10 (x86) : 119758-34
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_119757.NASL
    description SunOS 5.10: Samba patch. Date this patch was last updated by Sun : Nov/09/17 This plugin has been deprecated and either replaced with individual 119757 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 19204
    published 2005-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19204
    title Solaris 10 (sparc) : 119757-43 (deprecated)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_119758-31.NASL
    description SunOS 5.10_x86: Samba patch. Date this patch was last updated by Sun : Feb/15/14
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107826
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107826
    title Solaris 10 (x86) : 119758-31
oval via4
accepted 2013-04-29T04:10:05.595-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
family unix
id oval:org.mitre.oval:def:10936
status accepted
submitted 2010-07-09T03:56:16-04:00
title The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
version 24
redhat via4
advisories
bugzilla
id 138325
title CAN-2004-0930 wildcard remote DoS
oval
AND
  • comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20030315001
  • OR
    • AND
      • comment samba-client is earlier than 0:3.0.7-1.3E.1
        oval oval:com.redhat.rhsa:tst:20040632004
      • comment samba-client is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20040064005
    • AND
      • comment samba-common is earlier than 0:3.0.7-1.3E.1
        oval oval:com.redhat.rhsa:tst:20040632006
      • comment samba-common is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20040064007
    • AND
      • comment samba is earlier than 0:3.0.7-1.3E.1
        oval oval:com.redhat.rhsa:tst:20040632002
      • comment samba is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20040064003
    • AND
      • comment samba-swat is earlier than 0:3.0.7-1.3E.1
        oval oval:com.redhat.rhsa:tst:20040632008
      • comment samba-swat is signed with Red Hat master key
        oval oval:com.redhat.rhsa:tst:20040064009
rhsa
id RHSA-2004:632
released 2004-11-16
severity Important
title RHSA-2004:632: samba security update (Important)
rpms
  • samba-client-0:3.0.7-1.3E.1
  • samba-common-0:3.0.7-1.3E.1
  • samba-0:3.0.7-1.3E.1
  • samba-swat-0:3.0.7-1.3E.1
refmap via4
apple APPLE-SA-2005-03-21
bid 11624
bugtraq 20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability
conectiva CLA-2004:899
gentoo GLSA-200411-21
idefense 20041108 Samba SMBD Remote Denial of Service Vulnerability
mandrake MDKSA-2004:131
openpkg OpenPKG-SA-2004.054
sco SCOSA-2005.17
sgi 20041201-01-P
sunalert 101783
suse SUSE-SA:2004:040
ubuntu USN-22-1
xf samba-msfnmatch-dos(17987)
Last major update 07-12-2016 - 21:59
Published 27-01-2005 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top