CVE-2004-0882

Published: Jan 27, 2005Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

Affected (27)

Products: Conectiva: Linux · Samba: Samba · Redhat: Enterprise Linux, Enterprise Linux Desktop, Fedora Core, Linux Advanced Workstation · +1 more

Show all products

Conectiva: Linux · Samba: Samba · Redhat: Enterprise Linux, Enterprise Linux Desktop, Fedora Core, Linux Advanced Workstation · Ubuntu: Ubuntu Linux

1 product

1 product

4 products

Enterprise Linux

Enterprise Linux Desktop

Linux Advanced Workstation

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Conectiva Linux	Version 10.0
Samba Samba	Version 3.0.0
Samba Samba	Version 3.0.1
Samba Samba	Version 3.0.2
Samba Samba	Version 3.0.2a
Samba Samba	Version 3.0.3
Samba Samba	Version 3.0.4
Samba Samba	Version 3.0.4 rc1
Samba Samba	Version 3.0.5
Samba Samba	Version 3.0.6
Samba Samba	Version 3.0.7

Configuration B

16 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 2.1
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux	Version 3.0
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Fedora Core	Version core_2.0
Redhat Fedora Core	Version core_3.0
Redhat Linux Advanced Workstation	Version 2.1
Redhat Linux Advanced Workstation	Version 2.1
Ubuntu Ubuntu Linux	Version 4.1
Ubuntu Ubuntu Linux	Version 4.1

References (34)

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt (unsafe URL)

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P (unsafe URL)

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110054671403755&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110055646329581&w=2

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110330519803655&w=2

Source: cve@mitre.org

http://secunia.com/advisories/13189

Source: cve@mitre.org

http://security.e-matters.de/advisories/132004.html

Source: cve@mitre.org

http://securitytracker.com/id?1012235

Source: cve@mitre.org

http://www.ciac.org/ciac/bulletins/p-038.shtml

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/457622

Source: cve@mitre.org

US Government Resource

http://www.novell.com/linux/security/advisories/2004_40_samba.html

Source: cve@mitre.org

http://www.osvdb.org/11782

Source: cve@mitre.org

http://www.trustix.net/errata/2004/0058/

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/18070

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969

Source: cve@mitre.org

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110054671403755&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110055646329581&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110330519803655&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/13189

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.e-matters.de/advisories/132004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1012235

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ciac.org/ciac/bulletins/p-038.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/457622

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.novell.com/linux/security/advisories/2004_40_samba.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/11782

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.trustix.net/errata/2004/0058/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/18070

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.