Executive Summary
| Summary | |
|---|---|
| Title | Updated samba packages fix vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2004:467 | First vendor Publication | 2004-09-22 |
| Vendor | RedHat | Last vendor Modification | 2004-09-22 |
| Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: Updated samba packages that fix two denial of service vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Samba provides file and printer sharing services to SMB/CIFS clients. The Samba team has discovered a denial of service bug in the smbd daemon. A defect in smbd's ASN.1 parsing allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. Given enough of these packets, it is possible to exhaust the available memory on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0807 to this issue. Additionally the Samba team has also discovered a denial of service bug in the nmbd daemon. It is possible that an attacker could send a specially crafted UDP packet which could allow the attacker to anonymously crash nmbd. This issue only affects nmbd daemons which are configured to process domain logons. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0808 to this issue. Users of Samba should upgrade to these updated packages, which contain an upgrade to Samba-3.0.7, which is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 132207 - CAN-2004-0807/8 Samba 3 DoS |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2004-467.html |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10344 | |||
| Oval ID: | oval:org.mitre.oval:def:10344 | ||
| Title: | The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | ||
| Description: | The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0808 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:11141 | |||
| Oval ID: | oval:org.mitre.oval:def:11141 | ||
| Title: | Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | ||
| Description: | Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0807 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-16 (Samba) File : nvt/glsa_200409_16.nasl |
| 2008-09-04 | Name : FreeBSD Ports: samba3 File : nvt/freebsd_samba3.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-257-01 samba DoS File : nvt/esoft_slk_ssa_2004_257_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 9917 | Samba nmbd process_logon_packet Function Remote DoS Samba contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a malformed UDP packet and will result in loss of availability for Samba's nmbd daemon. The process_logon_packet function does not properly validate that the packet is appropriately sized to contain the number of structures it claims, when processing a SAM_UAS_CHANGE request. If the packet claims a large number of structures and a smaller number are contained in the packet, nmbd will reference memory outside of the packet, possibly causing the daemon to crash. |
| 9916 | Samba ASN.1 Parsing Function Malformed Request DoS Samba contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends specially crafted packets to the smbd daemon during the ASN.1 parsing routine causing many processes to spawn resulting in a loss of availability for the platform. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a711de5c05fa11d9a9b200061bc2ad93.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2004-257-01.nasl - Type : ACT_GATHER_INFO |
| 2004-09-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-467.nasl - Type : ACT_GATHER_INFO |
| 2004-09-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-092.nasl - Type : ACT_GATHER_INFO |
| 2004-09-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-16.nasl - Type : ACT_GATHER_INFO |
| 2004-09-13 | Name : The remote service is vulnerable to a denial of service. File : samba_asn1_dos.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:48:40 |
|
