CVE-2004-0186
published 2004-03-15CVE-2004-0186: smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid…
PriorityP430high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.59%
72.7th percentile
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 3.0.2-2 (bookworm) | samba 3.0.2-2 (bookworm) |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | >= 0 < 3.0.2-2 | 3.0.2-2 |
| samba | samba | >= 0 < 3.0.2-2 | 3.0.2-2 |
| samba | samba | >= 0 < 3.0.2-2 | 3.0.2-2 |
| samba | samba | >= 0 < 3.0.2-2 | 3.0.2-2 |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-99qv-m5mw-g4v6: smbmnt in Samba 2
ghsa_unreviewed·2022-04-29
CVE-2004-0186 [HIGH] GHSA-99qv-m5mw-g4v6: smbmnt in Samba 2
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
OSV
CVE-2004-0186: smbmnt in Samba 2
osv·2004-03-15·CVSS 7.2
CVE-2004-0186 [HIGH] CVE-2004-0186: smbmnt in Samba 2
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Debian
CVE-2004-0186: samba - smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local us...
vendor_debian·2004·CVSS 7.2
CVE-2004-0186 [HIGH] CVE-2004-0186: samba - smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local us...
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Scope: local
bookworm: resolved (fixed in 3.0.2-2)
bullseye: resolved (fixed in 3.0.2-2)
forky: resolved (fixed in 3.0.2-2)
sid: resolved (fixed in 3.0.2-2)
trixie: resolved (fixed in 3.0.2-2)
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107636290906296&w=2http://marc.info/?l=bugtraq&m=107657505718743&w=2http://www.debian.org/security/2004/dsa-463http://www.osvdb.org/3916http://www.securityfocus.com/bid/9619https://exchange.xforce.ibmcloud.com/vulnerabilities/15131http://marc.info/?l=bugtraq&m=107636290906296&w=2http://marc.info/?l=bugtraq&m=107657505718743&w=2http://www.debian.org/security/2004/dsa-463http://www.osvdb.org/3916http://www.securityfocus.com/bid/9619https://exchange.xforce.ibmcloud.com/vulnerabilities/15131
2004-03-15
Published