CVE-2004-0829 — Improper Enforcement of Behavioral Workflow in Samba

CWE-841 — Improper Enforcement of Behavioral Workflow6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

4.0%

top 11.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedDec 31

Latest updateApr 29

Description

smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/samba< samba 2.2.11 (bookworm)

▶Debiansamba/samba< 2.2.11+3

▶NVDsamba/samba25 versions+24

Patches

Patch: samba.org ↗Patch: seclists.org ↗Patch: samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-xr8x-5cxm-p785: smbd in Samba before 2↗2022-04-29

▶

OSV

CVE-2004-0829: smbd in Samba before 2↗2004-12-31

▶

📋Vendor Advisories

Debian

CVE-2004-0829: samba - smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service...↗2004

▶

Red Hat

CVE-2004-0829: smbd in Samba before 2↗

▶

📐Framework References

CWE

Improper Enforcement of Behavioral Workflow↗

▶