Vulnerability Name:

CVE-2004-0600 (CCN-16785)

Assigned:2004-07-22
Published:2004-07-22
Updated:2017-10-11
Summary:Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu Jul 22 2004 - 06:14:37 CDT
Security Release - Samba 3.0.5 and 2.2.10

Source: MITRE
Type: CNA
CVE-2004-0600

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:851

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:854

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:851
Multiple potential buffer overruns

Source: CCN
Type: Conectiva Linux Announcement CLSA-2004:854
Multiple potential buffer overruns

Source: BUGTRAQ
Type: UNKNOWN
20040722 Security Release - Samba 3.0.5 and 2.2.10

Source: BUGTRAQ
Type: UNKNOWN
20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)

Source: BUGTRAQ
Type: UNKNOWN
20040722 Samba 3.x swat preauthentication buffer overflow

Source: BUGTRAQ
Type: UNKNOWN
20040722 TSSA-2004-014 - samba

Source: BUGTRAQ
Type: UNKNOWN
20040722 SWAT PreAuthorization PoC

Source: CCN
Type: RHSA-2004-259
samba security update

Source: CCN
Type: Slackware-Security Mailing List, Mon, 26 Jul 2004 15:19:49 -0700 (PDT)
alternate samba package for Slackware 10.0

Source: CCN
Type: Slackware-Security Mailing List, Sun, 25 Jul 2004 20:24:19 -0700 (PDT)
New samba packages

Source: CCN
Type: Samba Web site
SAMBA - opening windows to a wider world

Source: CCN
Type: CIAC Information Bulletin O-186
Samba Buffer Overrun Vulnerabilities

Source: CCN
Type: GLSA-200407-21
Samba: Multiple buffer overflows

Source: GENTOO
Type: UNKNOWN
GLSA-200407-21

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:071

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:022

Source: CCN
Type: OpenPKG-SA-2004.033
Samba

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:259

Source: CCN
Type: BID-10780
Samba Web Administration Tool Base64 Decoder Buffer Overflow Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0039
Several security vulnerabilities patched

Source: TRUSTIX
Type: UNKNOWN
2004-0039

Source: XF
Type: UNKNOWN
samba-swat-base64-bo(16785)

Source: XF
Type: UNKNOWN
samba-swat-base64-bo(16785)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11445

Source: SUSE
Type: SUSE-SA:2004:022
samba: remote root compromise

Vulnerable Configuration:Configuration 1:
  • cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.4:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_database_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_email_server:iii:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_connectivity_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/a:suse:suse_linux_office_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:11445
    V
    		Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
    2013-04-29
    oval:org.opensuse.security:def:20040600
    V
    		CVE-2004-0600
    2012-08-30
    oval:com.redhat.rhsa:def:20040259
    P
    		RHSA-2004:259: samba security update (Important)
    2004-07-22
    BACK
    samba samba 3.0.2
    samba samba 3.0.2a
    samba samba 3.0.3
    samba samba 3.0.4
    trustix secure linux 1.5
    trustix secure linux 2.0
    trustix secure linux 2.1
    samba samba 3.0.2
    samba samba 3.0.4
    samba samba 3.0.2a
    samba samba 3.0.3
    trustix secure linux 1.5
    suse suse linux database server *
    suse suse email server iii
    suse suse linux connectivity server *
    conectiva linux 8.0
    slackware slackware linux 8.1
    openpkg openpkg current
    gentoo linux *
    suse suse linux office server *
    suse suse linux 8.1
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    slackware slackware linux 9.0
    suse suse linux 8.2
    conectiva linux 9.0
    trustix secure linux 2.0
    slackware slackware linux 9.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    openpkg openpkg 2.0
    trustix secure linux 2.1
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    openpkg openpkg 2.1
    slackware slackware linux 10.0