CVE-2004-0883

Description

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS Trends

Current EPSS score: 15.37%• Percentile: 95%

Affected Systems

• linux•linux_kernel

  2.4.0 | 2.4.0:test1 | 2.4.0:test10 | 2.4.0:test11 | 2.4.0:test12 | 2.4.0:test2 | 2.4.0:test3 | 2.4.0:test4 | 2.4.0:test5 | 2.4.0:test6 | 2.4.0:test7 | 2.4.0:test8 | 2.4.0:test9 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.18:pre1 | 2.4.18:pre2 | 2.4.18:pre3 | 2.4.18:pre4 | 2.4.18:pre5 | 2.4.18:pre6 | 2.4.18:pre7 | 2.4.18:pre8 | 2.4.19 | 2.4.19:pre1 | 2.4.19:pre2 | 2.4.19:pre3 | 2.4.19:pre4 | 2.4.19:pre5 | 2.4.19:pre6 | 2.4.20 | 2.4.21 | 2.4.21:pre1 | 2.4.21:pre4 | 2.4.21:pre7 | 2.4.22 | 2.4.23 | 2.4.23:pre9 | 2.4.23_ow2 | 2.4.24 | 2.4.24_ow1 | 2.4.25 | 2.4.26 | 2.4.27 | 2.4.27:pre1 | 2.4.27:pre2 | 2.4.27:pre3 | 2.4.27:pre4 | 2.4.27:pre5 | 2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.9:2.6.20 | 2.6_test9_cvs

• redhat•enterprise_linux

  2.1 | 3.0

• redhat•enterprise_linux_desktop

  3.0

• redhat•fedora_core

  core_2.0 | core_3.0

• redhat•linux_advanced_workstation

  2.1

• suse•suse_linux

  10 | 8 | 8.1 | 8.2 | 9.0 | 9.1 | 9.2

• trustix•secure_linux

  1.5 | 2.0 | 2.1 | 2.2

• ubuntu•ubuntu_linux

  4.1

References (23)

• http://secunia.com/advisories/20163
• http://www.securityfocus.com/bid/11695
• http://www.debian.org/security/2006/dsa-1082
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
• http://marc.info/?l=bugtraq&m=110072140811965&w=2
• https://bugzilla.fedora.us/show_bug.cgi?id=2336
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10330
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18136
• http://security.e-matters.de/advisories/142004.html
• http://www.debian.org/security/2006/dsa-1070
• http://www.redhat.com/support/errata/RHSA-2004-537.html
• http://secunia.com/advisories/20162
• http://www.kb.cert.org/vuls/id/726198
• http://www.debian.org/security/2006/dsa-1067
• http://www.debian.org/security/2006/dsa-1069
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18135
• http://www.redhat.com/support/errata/RHSA-2004-505.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18134
• http://secunia.com/advisories/20202
• http://www.redhat.com/support/errata/RHSA-2004-504.html
• http://marc.info/?l=bugtraq&m=110082989725345&w=2
• http://secunia.com/advisories/13232/
• http://secunia.com/advisories/20338