fkie_cve-2004-0882
Vulnerability from fkie_nvd
Published
2005-01-27 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
cve@mitre.orghttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110054671403755&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110055646329581&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110330519803655&w=2
cve@mitre.orghttp://secunia.com/advisories/13189
cve@mitre.orghttp://security.e-matters.de/advisories/132004.html
cve@mitre.orghttp://securitytracker.com/id?1012235
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/p-038.shtml
cve@mitre.orghttp://www.kb.cert.org/vuls/id/457622US Government Resource
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2004_40_samba.html
cve@mitre.orghttp://www.osvdb.org/11782
cve@mitre.orghttp://www.trustix.net/errata/2004/0058/Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18070
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
af854a3a-2127-422b-91ae-364da2661108http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110054671403755&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110055646329581&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110330519803655&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13189
af854a3a-2127-422b-91ae-364da2661108http://security.e-matters.de/advisories/132004.html
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1012235
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/p-038.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/457622US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2004_40_samba.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/11782
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.net/errata/2004/0058/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18070
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969
Impacted products
Vendor Product Version
samba samba 3.0.0
samba samba 3.0.1
samba samba 3.0.2
samba samba 3.0.2a
samba samba 3.0.3
samba samba 3.0.4
samba samba 3.0.4
samba samba 3.0.5
samba samba 3.0.6
samba samba 3.0.7
conectiva linux 10.0
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 2.1
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux 3.0
redhat enterprise_linux_desktop 3.0
redhat fedora_core core_2.0
redhat fedora_core core_3.0
redhat linux_advanced_workstation 2.1
redhat linux_advanced_workstation 2.1
ubuntu ubuntu_linux 4.1
ubuntu ubuntu_linux 4.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F84FB25B-5EA5-48DC-B528-E8CCF714C919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "216145B7-4716-42F7-90DC-03884ECB2271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "898968E5-577E-4B86-A804-EBEC67157A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "920EF846-41D1-429D-AF0F-3D7950F93069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8016DC4F-F410-4401-BDCC-91BE0D44D028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC94A2CF-85DF-4BB5-8F78-470A3454C3CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "632D2489-3B5E-466E-A6DF-1EF00303869B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FC116E5-B739-4E18-AA51-FFF59EBCA08F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D40F682-9F2E-465F-98F7-23E1036C74A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9478CC84-802F-4960-ACAB-3700154E813F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
              "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
              "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
              "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
              "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
              "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
              "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
              "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
              "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small \"maximum data bytes\" value."
    }
  ],
  "id": "CVE-2004-0882",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-01-27T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000899"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110054671403755\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110055646329581\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=110330519803655\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/13189"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.e-matters.de/advisories/132004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1012235"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/p-038.shtml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/457622"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_40_samba.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/11782"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.trustix.net/errata/2004/0058/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18070"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110054671403755\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110055646329581\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=110330519803655\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/13189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.e-matters.de/advisories/132004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1012235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/p-038.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/457622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_40_samba.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/11782"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.trustix.net/errata/2004/0058/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.