CVE-2004-0882

NONE EPSS 96.0%
Published Jan 27, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

Threat Intelligence

EPSS Exploit Probability: 96.0% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Affected Products 27

Vendor      Product                      Version    Range
samba       samba                        3.0.0      any
samba       samba                        3.0.1      any
samba       samba                        3.0.2      any
samba       samba                        3.0.2a     any
samba       samba                        3.0.3      any
samba       samba                        3.0.4      any
samba       samba                        3.0.4      any
samba       samba                        3.0.5      any
samba       samba                        3.0.6      any
samba       samba                        3.0.7      any
conectiva   linux                        10.0       any
redhat      enterprise_linux             2.1        any
redhat      enterprise_linux             2.1        any
redhat      enterprise_linux             2.1        any
redhat      enterprise_linux             2.1        any
redhat      enterprise_linux             2.1        any
redhat      enterprise_linux             2.1        any
redhat      enterprise_linux             3.0        any
redhat      enterprise_linux             3.0        any
redhat      enterprise_linux             3.0        any
redhat      enterprise_linux_desktop     3.0        any
redhat      fedora_core                  core_2.0   any
redhat      fedora_core                  core_3.0   any
redhat      linux_advanced_workstation   2.1        any
redhat      linux_advanced_workstation   2.1        any
ubuntu      ubuntu_linux                 4.1        any
ubuntu      ubuntu_linux                 4.1        any

References 17

  • ftp.sco.com ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
  • patches.sgi.com ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
  • distro.conectiva.com.br http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
  • lists.apple.com http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
  • marc.info http://marc.info/?l=bugtraq&m=110054671403755&w=2
  • marc.info http://marc.info/?l=bugtraq&m=110055646329581&w=2
  • marc.info http://marc.info/?l=bugtraq&m=110330519803655&w=2
  • secunia.com http://secunia.com/advisories/13189
  • security.e-matters.de http://security.e-matters.de/advisories/132004.html
  • securitytracker.com http://securitytracker.com/id?1012235
  • ciac.org http://www.ciac.org/ciac/bulletins/p-038.shtml
  • kb.cert.org http://www.kb.cert.org/vuls/id/457622
    US Government Resource
  • novell.com http://www.novell.com/linux/security/advisories/2004_40_samba.html
  • osvdb.org http://www.osvdb.org/11782
  • trustix.net http://www.trustix.net/errata/2004/0058/
    Patch, Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18070
  • oval.cisecurity.org https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969

Remediation

  • trustix.net http://www.trustix.net/errata/2004/0058/
    Patch, Vendor Advisory