National Cyber Awareness System

Vulnerability Summary for CVE-2004-1154

Overview

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Impact

CVSS Severity (version 2.0 incomplete approximation):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#226184

Name: VU#226184

Type: Advisory

Hyperlink:http://www.kb.cert.org/vuls/id/226184

External Source: XF

Name: samba-msrpc-heap-corruption(18519)

Type: Advisory

Hyperlink:http://xforce.iss.net/xforce/xfdb/18519

External Source: CONFIRM

Name: http://www.samba.org/samba/security/CAN-2004-1154.html

Hyperlink:http://www.samba.org/samba/security/CAN-2004-1154.html

External Source: REDHAT

Name: RHSA-2005:020

Hyperlink:http://www.redhat.com/support/errata/RHSA-2005-020.html

External Source: SUSE

Name: SUSE-SA:2004:045

Hyperlink:http://www.novell.com/linux/security/advisories/2004_45_samba.html

External Source: DEBIAN

Name: DSA-701

Hyperlink:http://www.debian.org/security/2005/dsa-701

External Source: SECUNIA

Name: 13453

Hyperlink:http://secunia.com/advisories/13453/

External Source: OVAL

Name: oval:org.mitre.oval:def:10236

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10236

External Source: APPLE

Name: APPLE-SA-2005-03-21

Hyperlink:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

External Source: SCO

Name: SCOSA-2005.17

Hyperlink:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt

External Source: BID

Name: 11973

Hyperlink:http://www.securityfocus.com/bid/11973

External Source: IDEFENSE

Name: 20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability

Hyperlink:http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities

External Source: SUNALERT

Name: 57730

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1

External Source: SUNALERT

Name: 101643

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1

US Government Resource: oval:org.mitre.oval:def:642

Name: oval:org.mitre.oval:def:642

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:642

US Government Resource: oval:org.mitre.oval:def:1459

Name: oval:org.mitre.oval:def:1459

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1459

References to Check Content

Identifier:oval:org.mitre.oval:def:10236

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10236

Identifier:oval:org.mitre.oval:def:1459

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:1459

Identifier:oval:org.mitre.oval:def:642

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:642