Executive Summary
Summary | |
---|---|
Title | Updated samba packages fix security issues |
Informations | |||
---|---|---|---|
Name | RHSA-2004:632 | First vendor Publication | 2004-11-16 |
Vendor | RedHat | Last vendor Modification | 2004-11-16 |
Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated samba packages that fix various security vulnerabilities are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Samba provides file and printer sharing services to SMB/CIFS clients. During a code audit, Stefan Esser discovered a buffer overflow in Samba versions prior to 3.0.8 when handling unicode filenames. An authenticated remote user could exploit this bug which may lead to arbitrary code execution on the server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0882 to this issue. Red Hat believes that the Exec-Shield technology (enabled by default since Update 3) will block attempts to remotely exploit this vulnerability on x86 architectures. Additionally, a bug was found in the input validation routines in versions of Samba prior to 3.0.8 that caused the smbd process to consume abnormal amounts of system memory. An authenticated remote user could exploit this bug to cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0930 to this issue. Users of Samba should upgrade to these updated packages, which contain backported security patches, and are not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 138325 - CAN-2004-0930 wildcard remote DoS 134640 - CAN-2004-0882 unicode parsing overflow |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2004-632.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10936 | |||
Oval ID: | oval:org.mitre.oval:def:10936 | ||
Title: | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | ||
Description: | The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0930 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9969 | |||
Oval ID: | oval:org.mitre.oval:def:9969 | ||
Title: | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | ||
Description: | Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2004-0882 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for samba File : nvt/sles9p5015059.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-21 (samba) File : nvt/glsa_200411_21.nasl |
2008-09-04 | Name : FreeBSD Ports: samba File : nvt/freebsd_samba0.nasl |
2008-09-04 | Name : FreeBSD Ports: samba File : nvt/freebsd_samba1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
11782 | Samba QFILEPATHINFO Unicode Filename Request Handler Overflow |
11555 | Samba ms_fnmatch() Function Wildcard Matching Remote DoS Samba server contains a flaw in ms_fnmatch.c that may allow a malicious user to cause a denial of service. The issue is triggered when a request is made for a resource which contains multiple wildcard characters; this causes the server to fall into a loop whose size grows exponentially with the number of wildcard characters used. It is possible that the flaw may allow a remote server crash, resulting in a loss of availability. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Samba unicode filename buffer overflow attempt RuleID : 15986 - Revision : 8 - Type : SERVER-SAMBA |
2014-01-10 | Samba wildcard filename matching denial of service attempt RuleID : 15581 - Revision : 5 - Type : SERVER-SAMBA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ba13dc13340d11d9ac1b000d614f7fad.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-22-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-29-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-30-1.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote host is missing Sun Security Patch number 119757-43 File : solaris10_119757.nasl - Type : ACT_GATHER_INFO |
2005-07-14 | Name : The remote host is missing Sun Security Patch number 119758-43 File : solaris10_x86_119758.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f3d3f62138d811d98fff000c6e8f12ef.nasl - Type : ACT_GATHER_INFO |
2004-11-30 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-459.nasl - Type : ACT_GATHER_INFO |
2004-11-30 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-460.nasl - Type : ACT_GATHER_INFO |
2004-11-19 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-136.nasl - Type : ACT_GATHER_INFO |
2004-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-632.nasl - Type : ACT_GATHER_INFO |
2004-11-16 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_040.nasl - Type : ACT_GATHER_INFO |
2004-11-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200411-21.nasl - Type : ACT_GATHER_INFO |
2004-11-13 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-131.nasl - Type : ACT_GATHER_INFO |
2004-11-13 | Name : The remote service is vulnerable to several flaws. File : samba_wildcard.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:48:47 |
|