Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0186 — Samba vulnerability

5 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.5%

top 32.98%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Samba Debian Samba Linux Kernel

Timeline

PublishedMar 15

Latest updateApr 29

Description

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

▶debiandebian/samba< samba 3.0.2-2 (bookworm)

▶Debiansamba/samba< 3.0.2-2+3

▶NVDsamba/samba2.0, 3.0.0+1

▶NVDlinux/linux_kernel2.6.0, 2.6.1, 2.6_test9_cvs+2

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-99qv-m5mw-g4v6: smbmnt in Samba 2↗2022-04-29

▶

OSV

CVE-2004-0186: smbmnt in Samba 2↗2004-03-15

▶

💥Exploits & PoCs

Exploit-DB

Samba 2.2.8 (Linux Kernel 2.6 / Debian / Mandrake) - Share Privilege Escalation↗2004-02-09

▶

📋Vendor Advisories

Debian

CVE-2004-0186: samba - smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local us...↗2004

▶