CVE-2004-0949

Description

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.4AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 3.73%• Percentile: 88%

Affected Systems

• linux•linux_kernel

  2.4.0 | 2.4.0:test1 | 2.4.0:test10 | 2.4.0:test11 | 2.4.0:test12 | 2.4.0:test2 | 2.4.0:test3 | 2.4.0:test4 | 2.4.0:test5 | 2.4.0:test6 | 2.4.0:test7 | 2.4.0:test8 | 2.4.0:test9 | 2.4.1 | 2.4.2 | 2.4.3 | 2.4.4 | 2.4.5 | 2.4.6 | 2.4.7 | 2.4.8 | 2.4.9 | 2.4.10 | 2.4.11 | 2.4.12 | 2.4.13 | 2.4.14 | 2.4.15 | 2.4.16 | 2.4.17 | 2.4.18 | 2.4.18:pre1 | 2.4.18:pre2 | 2.4.18:pre3 | 2.4.18:pre4 | 2.4.18:pre5 | 2.4.18:pre6 | 2.4.18:pre7 | 2.4.18:pre8 | 2.4.19 | 2.4.19:pre1 | 2.4.19:pre2 | 2.4.19:pre3 | 2.4.19:pre4 | 2.4.19:pre5 | 2.4.19:pre6 | 2.4.20 | 2.4.21 | 2.4.21:pre1 | 2.4.21:pre4 | 2.4.21:pre7 | 2.4.22 | 2.4.23 | 2.4.23:pre9 | 2.4.23_ow2 | 2.4.24 | 2.4.24_ow1 | 2.4.25 | 2.4.26 | 2.4.27 | 2.4.27:pre1 | 2.4.27:pre2 | 2.4.27:pre3 | 2.4.27:pre4 | 2.4.27:pre5 | 2.6.0 | 2.6.0:test1 | 2.6.0:test10 | 2.6.0:test11 | 2.6.0:test2 | 2.6.0:test3 | 2.6.0:test4 | 2.6.0:test5 | 2.6.0:test6 | 2.6.0:test7 | 2.6.0:test8 | 2.6.0:test9 | 2.6.1 | 2.6.1:rc1 | 2.6.1:rc2 | 2.6.2 | 2.6.3 | 2.6.4 | 2.6.5 | 2.6.6 | 2.6.6:rc1 | 2.6.7 | 2.6.7:rc1 | 2.6.8 | 2.6.8:rc1 | 2.6.8:rc2 | 2.6.8:rc3 | 2.6.9:2.6.20 | 2.6_test9_cvs

• redhat•enterprise_linux

  2.1 | 3.0

• redhat•enterprise_linux_desktop

  3.0

• redhat•fedora_core

  core_2.0 | core_3.0

• redhat•linux_advanced_workstation

  2.1

• suse•suse_linux

  10 | 8 | 8.1 | 8.2 | 9.0 | 9.1 | 9.2

• trustix•secure_linux

  1.5 | 2.0 | 2.1 | 2.2

• ubuntu•ubuntu_linux

  4.1

References (21)

• http://secunia.com/advisories/20163
• http://www.securityfocus.com/bid/11695
• http://www.debian.org/security/2006/dsa-1082
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
• http://marc.info/?l=bugtraq&m=110072140811965&w=2
• https://bugzilla.fedora.us/show_bug.cgi?id=2336
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10360
• https://www.ubuntu.com/usn/usn-30-1/
• http://security.e-matters.de/advisories/142004.html
• http://www.debian.org/security/2006/dsa-1070
• http://www.redhat.com/support/errata/RHSA-2004-537.html
• http://secunia.com/advisories/20162
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18137
• http://www.debian.org/security/2006/dsa-1067
• http://www.debian.org/security/2006/dsa-1069
• http://www.trustix.org/errata/2004/0061/
• http://www.redhat.com/support/errata/RHSA-2004-505.html
• http://secunia.com/advisories/20202
• http://www.redhat.com/support/errata/RHSA-2004-504.html
• http://secunia.com/advisories/13232/
• http://secunia.com/advisories/20338