Vulnerability Name: CVE-2004-1154 (CCN-18519)

Assigned: 2004-12-16
Published: 2004-12-16
Updated: 2018-10-30
Summary: Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Changed
Impact Metrics:
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Complete
  • Integrity (I): Complete
  • Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Complete
  • Integrity (I): Complete
  • Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: SCO
Type: UNKNOWN
SCOSA-2005.17

Source: CCN
Type: Sun Security Alert 57730
Security Vulnerability in Samba(7) Versions Prior to 3.0.10 May Allow Unauthorized Root Privileges

Source: MITRE
Type: CNA
CVE-2004-1154

Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-03-21

Source: CCN
Type: RHSA-2004-670
samba security update

Source: CCN
Type: RHSA-2004-681
samba security update

Source: CCN
Type: RHSA-2005-020
samba security update

Source: CCN
Type: SA13453
Samba Security Descriptor Parsing Integer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
13453

Source: SUNALERT
Type: UNKNOWN
101643

Source: SUNALERT
Type: UNKNOWN
57730

Source: CCN
Type: Samba FTP Security Patch site
Index of /samba/ftp/patches/security

Source: CCN
Type: Samba Web site
Samba - Security Updates and Information

Source: CCN
Type: CIAC Information Bulletin P-070
Updated Samba Packages

Source: DEBIAN
Type: UNKNOWN
DSA-701

Source: DEBIAN
Type: DSA-701
samba -- integer overflows

Source: CCN
Type: GLSA-200412-13
Samba: Integer overflow

Source: CCN
Type: iDEFENSE Security Advisory 12.16.04
Samba smbd Security Descriptor Integer Overflow Vulnerability

Source: IDEFENSE
Type: UNKNOWN
20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability

Source: CCN
Type: US-CERT VU#226184
Samba vulnerable to integer overflow processing file security descriptors

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#226184

Source: CCN
Type: Fedora Update Notification FEDORA-2004-561
samba-3.0.10-1.fc2 update

Source: CCN
Type: Fedora Update Notification FEDORA-2004-562
samba-3.0.10-1.fc3 update

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:045

Source: CCN
Type: OpenPKG-SA-2004.054
Samba

Source: REDHAT
Type: UNKNOWN
RHSA-2005:020

Source: CONFIRM
Type: UNKNOWN
http://www.samba.org/samba/security/CAN-2004-1154.html

Source: BID
Type: UNKNOWN
11973

Source: CCN
Type: BID-11973
Samba Directory Access Control List Remote Integer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-21
An integer overflow vulnerability exists in Samba

Source: CCN
Type: USN-41-1
Samba vulnerability

Source: XF
Type: UNKNOWN
samba-msrpc-heap-corruption(18519)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10236

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1459

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:642

Source: SUSE
Type: SUSE-SA:2004:045
samba: remote privilege escalation

Source: SUSE
Type: SUSE-SR:2004:005
SUSE Security Summary Report

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/a:samba:samba:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.1a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.9:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.2:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:samba:samba:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.1a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.9:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora_core:2:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora_core:3:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

  • * Denotes that component is vulnerable
Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20041154 | V | CVE-2004-1154 | 2015-11-16
oval:org.mitre.oval:def:10236 | V | Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | 2013-04-29
oval:org.mitre.oval:def:642 | V | HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.02) | 2010-09-20
oval:org.mitre.oval:def:1459 | V | HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01) | 2006-03-09
oval:org.debian:def:701 | V | integer overflows | 2005-04-21
oval:com.redhat.rhsa:def:20040670 | P | RHSA-2004:670: samba security update (Important) | 2004-12-16