CVE-2004-0882
NONE EPSS 96.0%
Published Jan 27, 200521y ago · Modified Jun 16, 20262w ago
Published Jan 27, 2005 21y ago
Last Modified Jun 16, 2026 2w ago
Description
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Threat Intelligence
EPSS Exploit Probability
96.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 27
| Vendor | Product | Version | Range |
|---|---|---|---|
| samba | samba | 3.0.0 | any |
| samba | samba | 3.0.1 | any |
| samba | samba | 3.0.2 | any |
| samba | samba | 3.0.2a | any |
| samba | samba | 3.0.3 | any |
| samba | samba | 3.0.4 | any |
| samba | samba | 3.0.4 | any |
| samba | samba | 3.0.5 | any |
| samba | samba | 3.0.6 | any |
| samba | samba | 3.0.7 | any |
| conectiva | linux | 10.0 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 2.1 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux | 3.0 | any |
| redhat | enterprise_linux_desktop | 3.0 | any |
| redhat | fedora_core | core_2.0 | any |
| redhat | fedora_core | core_3.0 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| redhat | linux_advanced_workstation | 2.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
References 17
- ftp.sco.com ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
- patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
- distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
- lists.apple.com http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
- marc.info http://marc.info/?l=bugtraq&m=110054671403755&w=2
- marc.info http://marc.info/?l=bugtraq&m=110055646329581&w=2
- marc.info http://marc.info/?l=bugtraq&m=110330519803655&w=2
- secunia.com http://secunia.com/advisories/13189
- security.e-matters.de http://security.e-matters.de/advisories/132004.html
- securitytracker.com http://securitytracker.com/id?1012235
- ciac.org http://www.ciac.org/ciac/bulletins/p-038.shtml
- kb.cert.org http://www.kb.cert.org/vuls/id/457622
- novell.com http://www.novell.com/linux/security/advisories/2004_40_samba.html
- osvdb.org http://www.osvdb.org/11782
- trustix.net http://www.trustix.net/errata/2004/0058/
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18070
- oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969
Remediation
- trustix.net http://www.trustix.net/errata/2004/0058/