- Overview
- Features
- Architecture & Open API
- Try NeXpose
- Buy NeXpose
- System Requirements
- Vulnerabilities Tested
- NeXpose Information
Search Hints:
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
NeXpose Vulnerability Database
< Previous Next >Samba QFILEPATHINFO Buffer Overflow
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Critical (9) | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Nov 15, 2004 | Dec 20, 2004 | Sep 21, 2007 |
Description:
The Samba smbd daemon included with 3.0.x up to and including 3.0.7. is vulnerable to a buffer overflow in the handler for the QFILEPATHINFO request. This overflow can be exploited by an attacker to execute arbitrary code on the server.
References:
- APPLE: http://docs.info.apple.com/article.html?artnum=61798
- BID: http://www.securityfocus.com/bid/11678
- CERT-VN: http://www.kb.cert.org/vuls/id/457622
- CIAC: http://www.ciac.org/ciac/bulletins/p-038.shtml
- CONECTIVA: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=CLA-2004:899
- CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882
- OSVDB: http://www.osvdb.org/displayvuln.php?osvdb_id=11782
- SECTRACK: http://securitytracker.com/id?1012235
- SECUNIA: http://secunia.com/advisories/13189/
- SGI: ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
- SUSE: http://www.novell.com/linux/security/advisories.html
- URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=110054671403755&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=110055646329581&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=110330519803655&w=2
- URL: http://security.e-matters.de/advisories/132004.html
- URL: http://www.suse.de/de/security/2004_40_samba.html
- URL: http://www.trustix.net/errata/2004/0058/
- URL: http://xforce.iss.net/xforce/xfdb/18070
- XF: http://xforce.iss.net/xforce/xfdb/18070
Solution:
Upgrade to Samba 3.0.8
Download and apply the upgrade from: http://us1.samba.org/samba/ftp/old-versions/samba-3.0.8.tar.gz
Information on these pages is summary information extracted from the NeXpose Vulnerabilty Assessment system. Full details are provided within the NeXpose product for licensed users.