- Overview
- Features
- Architecture & Open API
- Try NeXpose
- Buy NeXpose
- System Requirements
- Vulnerabilities Tested
- NeXpose Information
Search Hints:
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
NeXpose Vulnerability Database
< Previous Next >Samba Filename Hash Buffer Overflow Vulnerability
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Severe (7) | 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Jul 27, 2004 | Dec 21, 2004 | Sep 21, 2007 |
Description:
Certain versions of Samba are vulnerable to a buffer overflow when filename mangling with the 'hash' method is used (which is not enabled by default). It is believed that only an authenticated user with write privileges can exploit this vulnerability.
References:
- BID: http://www.securityfocus.com/bid/10781
- CONECTIVA: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=CLA-2004:851
- CONECTIVA: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=CLA-2004:854
- CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686
- GENTOO: http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml
- MANDRAKE: http://www.mandriva.com/security/advisories?name=MDKSA-2004:071
- REDHAT: http://rhn.redhat.com/errata/RHSA-2004-259.html
- SUN: http://sunsolve.sun.com/search/document.do?assetkey=1-22-101584-1
- SUN: http://sunsolve.sun.com/search/document.do?assetkey=1-22-57664-1
- SUSE: http://www.novell.com/linux/security/advisories.html
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=109051340810458&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=109051533021376&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=109052891507263&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=109094272328981&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=109785827607823&w=2
- URL: http://www.trustix.org/errata/2004/0039/
- URL: http://xforce.iss.net/xforce/xfdb/16786
Solution:
Upgrade to Samba 3.0.5
Download and apply the upgrade from: http://us1.samba.org/samba/ftp/old-versions/samba-3.0.5.tar.gz
Information on these pages is summary information extracted from the NeXpose Vulnerabilty Assessment system. Full details are provided within the NeXpose product for licensed users.