CVE-2004-0882

Published Jan 27, 2005

Last updated 8 days ago

CVSS info 10.0

Overview

Description: Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Source: cve@mitre.org
NVD status: Modified
Products: samba, linux, enterprise_linux, enterprise_linux_desktop, fedora_core, linux_advanced_workstation, ubuntu_linux

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F84FB25B-5EA5-48DC-B528-E8CCF714C919",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "216145B7-4716-42F7-90DC-03884ECB2271",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "898968E5-577E-4B86-A804-EBEC67157A61",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*",
            "matchCriteriaId": "920EF846-41D1-429D-AF0F-3D7950F93069",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "8016DC4F-F410-4401-BDCC-91BE0D44D028",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "DC94A2CF-85DF-4BB5-8F78-470A3454C3CC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "632D2489-3B5E-466E-A6DF-1EF00303869B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "9FC116E5-B739-4E18-AA51-FFF59EBCA08F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "3D40F682-9F2E-465F-98F7-23E1036C74A2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "9478CC84-802F-4960-ACAB-3700154E813F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
            "matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
            "matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
            "matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
            "matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
            "matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
            "matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*",
            "matchCriteriaId": "78B46FFA-5B09-473E-AD33-3DB18BD0DAFE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
            "matchCriteriaId": "EC79FF22-2664-4C40-B0B3-6D23B5F45162",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*",
            "matchCriteriaId": "0EFE2E73-9536-41A9-B83B-0A06B54857F4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "AF3BBBC3-3EF9-4E24-9DE2-627E172A5473",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
            "matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
            "matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
            "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
            "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References