cbcvebase.
CVE-2004-0600
published 2004-07-27

CVE-2004-0600: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64…

PriorityP259critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
29.44%
97.9th percentile
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

Affected

12 ranges
VendorProductVersion rangeFixed in
debiansamba< samba 3.0.5 (bookworm)samba 3.0.5 (bookworm)
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba>= 0 < 3.0.53.0.5
sambasamba>= 0 < 3.0.53.0.5
sambasamba>= 0 < 3.0.53.0.5
sambasamba>= 0 < 3.0.53.0.5
trustixsecure_linux
trustixsecure_linux
trustixsecure_linux

Detection & IOCsextracted from sources · hover to see the quote

port901
commandAuthorization: Basic =
  • Detect HTTP Basic Authentication requests to SWAT (TCP/901) containing invalid base-64 characters (e.g., a bare '=' not in valid padding position) in the Authorization header, which is the exploit trigger for the buffer overflow.
  • Monitor TCP port 901 (SWAT default port) for inbound HTTP GET requests carrying a malformed 'Authorization: Basic' header value, particularly a lone '=' as the credential string.
  • Alert on any HTTP request to SWAT (port 901) with a Keep-Alive connection and a syntactically invalid Base64 Authorization value, consistent with the published PoC exploit pattern.
  • ·The vulnerability affects only Samba versions 3.0.2 through 3.0.4; upgrading to 3.0.5 or later resolves the issue. Ensure SWAT is not exposed to untrusted networks on TCP/901.
  • ·Debian tracking confirms the fix is in Samba 3.0.5 across all tracked releases (bookworm, bullseye, forky, sid, trixie).

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv10.0CRITICAL
vendor_debian10.0CRITICAL
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.