Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0600

8 documents, 8 sources
Severity: 10.0 CRITICAL
EPSS: 59.6% (top 1.75%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 27; Latest update Apr 29

Description

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (3 packages)

Debian | samba | < 3.0.5 | +3
NVD | samba/samba | 4 versions | +3
NVD | trustix/secure_linux | 1.5, 2.0, 2.1 | +2

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-6wf7-h6x3-vqqj: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3 | 2022-04-29
OSV | CVE-2004-0600: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3 | 2004-07-27
CVEList | CVE-2004-0600: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3 | 2004-07-23

💥 Exploits & PoCs (1)

Exploit-DB | Samba 3.0.4 - SWAT Authorisation Buffer Overflow | 2004-07-22

📋 Vendor Advisories (2)

Red Hat | security flaw | 2004-07-22
Debian | CVE-2004-0600: samba - Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.... | 2004

💬 Community (1)

Bugzilla | CVE-2004-0600 security flaw | 2018-08-16