Vulnerability Name:

CVE-2004-0829 (CCN-17138)

Assigned:2004-08-26
Published:2004-08-26
Updated:2017-07-11
Summary:smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2004-0829

Source: CONFIRM
Type: Patch
http://samba.org/samba/history/samba-2.2.11.html

Source: BUGTRAQ
Type: Patch, Vendor Advisory
20040831 Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd

Source: CCN
Type: Samba Web site
news.samba.org

Source: CCN
Type: GLSA-200409-14
Samba: Remote printing non-vulnerability

Source: GENTOO
Type: Vendor Advisory
GLSA-200409-14

Source: CCN
Type: OSVDB ID: 9362
Samba smbd FindNextPrintChangeNotify() Request Remote DoS

Source: CCN
Type: Samba Release Notes
Samba 2.2.11 Available for Download

Source: CCN
Type: BID-11055
Samba Remote Print Change Notify Denial Of Service Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0043
Multiple vulnerabilities

Source: TRUSTIX
Type: Vendor Advisory
2004-0043

Source: CCN
Type: TLSA-2004-25
Recently discovered buffer overflow vulnerabilities

Source: XF
Type: UNKNOWN
samba-findnextprintchangenotify-dos(17138)

Source: XF
Type: UNKNOWN
samba-findnextprintchangenotify-dos(17138)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:samba:samba:1.9.17:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p3:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p4:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p5:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p10:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p3:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p4:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p5:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p6:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p7:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p8:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.10:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:samba:samba:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p3:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p4:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.17:p5:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p10:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p3:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p4:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p5:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p6:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p7:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:1.9.18:p8:*:*:*:*:*:*
  • AND
  • cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    samba samba 1.9.17
    samba samba 1.9.17 p1
    samba samba 1.9.17 p2
    samba samba 1.9.17 p3
    samba samba 1.9.17 p4
    samba samba 1.9.17 p5
    samba samba 1.9.18
    samba samba 1.9.18 p1
    samba samba 1.9.18 p10
    samba samba 1.9.18 p2
    samba samba 1.9.18 p3
    samba samba 1.9.18 p4
    samba samba 1.9.18 p5
    samba samba 1.9.18 p6
    samba samba 1.9.18 p7
    samba samba 1.9.18 p8
    samba samba 2.0.0
    samba samba 2.0.1
    samba samba 2.0.2
    samba samba 2.0.3
    samba samba 2.0.4
    samba samba 2.0.5
    samba samba 2.0.5a
    samba samba 2.0.6
    samba samba 2.0.7
    samba samba 2.2.0
    samba samba 2.2.1
    samba samba 2.2.2
    samba samba 2.2.3
    samba samba 2.2.3a
    samba samba 2.2.4
    samba samba 2.2.5
    samba samba 2.2.6
    samba samba 2.2.7
    samba samba 2.2.7a
    samba samba 2.2.8
    samba samba 2.2.8a
    samba samba 2.2.9
    samba samba 2.2.10
    samba samba 2.0.7
    samba samba 2.2.2
    samba samba 2.2.3
    samba samba 2.2.4
    samba samba 2.2.5
    samba samba 2.2.6
    samba samba 2.2.8
    samba samba 2.2.10
    samba samba 2.0.0
    samba samba 2.0.1
    samba samba 2.0.2
    samba samba 2.0.3
    samba samba 2.0.4
    samba samba 2.0.5
    samba samba 2.0.6
    samba samba 2.2.0
    samba samba 2.2.3a
    samba samba 2.2.7a
    samba samba 2.2.7
    samba samba 2.2.8a
    samba samba 2.2.9
    samba samba 2.2.1
    samba samba 2.0.5a
    samba samba 1.9.18
    samba samba 1.9.17
    samba samba 1.9.17 p1
    samba samba 1.9.17 p2
    samba samba 1.9.17 p3
    samba samba 1.9.17 p4
    samba samba 1.9.17 p5
    samba samba 1.9.18 p1
    samba samba 1.9.18 p10
    samba samba 1.9.18 p2
    samba samba 1.9.18 p3
    samba samba 1.9.18 p4
    samba samba 1.9.18 p5
    samba samba 1.9.18 p6
    samba samba 1.9.18 p7
    samba samba 1.9.18 p8
    trustix secure linux 1.5
    gentoo linux *
    trustix secure linux 2.0