CVE-2004-0600
Published 2004-07-27
Priority P2 · 59 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 29.44% (97.9th percentile)
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 3.0.5 (bookworm) | samba 3.0.5 (bookworm) |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | >= 0 < 3.0.5 | 3.0.5 |
| samba | samba | >= 0 < 3.0.5 | 3.0.5 |
| samba | samba | >= 0 < 3.0.5 | 3.0.5 |
| samba | samba | >= 0 < 3.0.5 | 3.0.5 |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
| trustix | secure_linux | — | — |
Detection & IOCs
- Detect HTTP Basic Authentication requests to SWAT (TCP/901) containing invalid base-64 characters (e.g., a bare '=' not in valid padding position) in the Authorization header, which is the exploit trigger for the buffer overflow.
- Monitor TCP port 901 (SWAT default port) for inbound HTTP GET requests carrying a malformed 'Authorization: Basic' header value, particularly a lone '=' as the credential string.
- Alert on any HTTP request to SWAT (port 901) with a Keep-Alive connection and a syntactically invalid Base64 Authorization value, consistent with the published PoC exploit pattern.
- The vulnerability affects only Samba versions 3.0.2 through 3.0.4; upgrading to 3.0.5 or later resolves the issue. Ensure SWAT is not exposed to untrusted networks on TCP/901.
- Debian tracking confirms the fix is in Samba 3.0.5 across all tracked releases (bookworm, bullseye, forky, sid, trixie).
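The detection points above, as an added example (not taken from the advisory sources or from the Samba project): a Python check that flags requests bound for TCP/901 whose `Authorization: Basic` value is not well-formed base-64. The sample requests, the host name `swat.example` and all function names are constructed for illustration; unpadded base-64 is treated as malformed here.

```python
import re

SWAT_PORT = 901                                   # SWAT default port named on the page
NON_B64 = re.compile(r"[^A-Za-z0-9+/=]")

def classify_basic_credential(value):
    """Return None for well-formed base-64, else a short reason string."""
    if not value:
        return "empty credential"
    bad = NON_B64.search(value)
    if bad:
        return f"character {bad.group()!r} outside the base-64 alphabet"
    data = value.rstrip("=")
    pad = len(value) - len(data)
    if "=" in data:
        return "'=' before the end of the value"
    if pad > 2 or len(value) % 4 != 0:            # a lone '=' lands here
        return "invalid '=' padding"
    return None

def inspect_request(dst_port, raw):
    """Reason string if a SWAT-bound request carries a malformed Basic value."""
    if dst_port != SWAT_PORT:
        return None
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:           # skip the request line
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, cred = rest.strip().partition(" ")
        if scheme.lower() == "basic":
            reason = classify_basic_credential(cred.strip())
            if reason:
                return reason
    return None

def _req(auth, extra=""):
    return f"GET / HTTP/1.1\r\nHost: swat.example\r\n{extra}Authorization: Basic {auth}\r\n\r\n"

SAMPLES = [                                       # constructed: (dst port, raw request)
    (901, _req("cm9vdDpzZWNyZXQ=")),              # well-formed credential
    (901, _req("=", "Connection: Keep-Alive\r\n")),
    (901, _req("cm9v=dDpz")),                     # '=' in the middle of the value
    (80, _req("=")),                              # not the SWAT port, ignored
]

def scan(samples):
    """Return (sample index, reason) for every request that should alert."""
    return [(i, r) for i, (port, raw) in enumerate(samples)
            if (r := inspect_request(port, raw))]
```

`scan(SAMPLES)` reports samples 1 and 2; the same `classify_basic_credential` check can be applied to header values pulled from proxy or IDS logs.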
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · CRITICAL
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-6wf7-h6x3-vqqj: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3
ghsa_unreviewed·2022-04-29
CVE-2004-0600 [HIGH] GHSA-6wf7-h6x3-vqqj: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3
OSV
CVE-2004-0600: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3
osv·2004-07-27·CVSS 10.0
CVE-2004-0600 [CRITICAL] CVE-2004-0600: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3
Red Hat
security flaw
vendor_redhat·2004-07-22·CVSS 10.0
CVE-2004-0600 [CRITICAL] security flaw
Debian
CVE-2004-0600: samba - Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3....
vendor_debian·2004·CVSS 10.0
CVE-2004-0600 [CRITICAL] CVE-2004-0600: samba - Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3....
Scope: local
bookworm: resolved (fixed in 3.0.5)
bullseye: resolved (fixed in 3.0.5)
forky: resolved (fixed in 3.0.5)
sid: resolved (fixed in 3.0.5)
trixie: resolved (fixed in 3.0.5)
No detection rules found.
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854
- http://marc.info/?l=bugtraq&m=109051340810458&w=2
- http://marc.info/?l=bugtraq&m=109051533021376&w=2
- http://marc.info/?l=bugtraq&m=109052647928375&w=2
- http://marc.info/?l=bugtraq&m=109052891507263&w=2
- http://marc.info/?l=bugtraq&m=109053195818351&w=2
- http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071
- http://www.novell.com/linux/security/advisories/2004_22_samba.html
- http://www.redhat.com/support/errata/RHSA-2004-259.html
- http://www.trustix.org/errata/2004/0039/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16785
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11445
Published: 2004-07-27