Vulnerability Name:

CVE-2004-0186 (CCN-15131)

Assigned:2004-02-10
Published:2004-02-10
Updated:2017-10-10
Summary:smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Feb 09 2004 - 15:23:03 CST
Samba 3.x + kernel 2.6.x local root vulnerability

Source: MITRE
Type: CNA
CVE-2004-0186

Source: BUGTRAQ
Type: UNKNOWN
20040209 Samba 3.x + kernel 2.6.x local root vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-463

Source: DEBIAN
Type: DSA-463
samba -- privilege escalation

Source: CCN
Type: GLSA-200404-21
Multiple Vulnerabilities in Samba

Source: CCN
Type: GLSA 200404-21
Multiple Vulnerabilities in Samba

Source: OSVDB
Type: UNKNOWN
3916

Source: CCN
Type: OSVDB ID: 3916
Samba smbmnt Local Privilege Escalation

Source: BID
Type: Exploit, Patch, Vendor Advisory
9619

Source: CCN
Type: BID-9619
Linux Kernel Samba Share Local Privilege Elevation Vulnerability

Source: CCN
Type: TLSA-2004-25
Recently discovered buffer overflow vulnerabilities

Source: XF
Type: UNKNOWN
samba-smbmnt-gain-privileges(15131)

Source: XF
Type: UNKNOWN
samba-smbmnt-gain-privileges(15131)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:samba:samba:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:linux:linux_kernel:2.6.0:-:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:samba:samba:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:463
    V
    		privilege escalation
    2004-03-12
    BACK
    samba samba 2.0
    samba samba 3.0.0
    linux linux kernel 2.6.0
    linux linux kernel 2.6.0 test1
    linux linux kernel 2.6.0 test10
    linux linux kernel 2.6.0 test11
    linux linux kernel 2.6.0 test2
    linux linux kernel 2.6.0 test3
    linux linux kernel 2.6.0 test4
    linux linux kernel 2.6.0 test5
    linux linux kernel 2.6.0 test6
    linux linux kernel 2.6.0 test7
    linux linux kernel 2.6.0 test8
    linux linux kernel 2.6.0 test9
    linux linux kernel 2.6.1 rc1
    linux linux kernel 2.6.1 rc2
    linux linux kernel 2.6_test9_cvs
    samba samba 2.0
    samba samba 3.0.0
    debian debian linux 3.0
    gentoo linux *
    mandrakesoft mandrake multi network firewall 8.2
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux corporate server 2.1