CVE-2004-0882
Published: 2005-01-27
Priority: P344 · critical · 10 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 13.73% (96.0th percentile)
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| conectiva | linux | — | — |
| debian | samba | < samba 3.0.7 (bookworm) | samba 3.0.7 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | fedora_core | — | — |
| redhat | fedora_core | — | — |
| redhat | linux_advanced_workstation | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | >= 0 < 3.0.7 | 3.0.7 |
| samba | samba | >= 0 < 3.0.7 | 3.0.7 |
| samba | samba | >= 0 < 3.0.7 | 3.0.7 |
| samba | samba | >= 0 < 3.0.7 | 3.0.7 |
| ubuntu | ubuntu_linux | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · CRITICAL
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-fc7r-gvq8-rc9r: Buffer overflow in the QFILEPATHINFO request handler in Samba 3
ghsa_unreviewed·2022-05-03
CVE-2004-0882 [HIGH] GHSA-fc7r-gvq8-rc9r: Buffer overflow in the QFILEPATHINFO request handler in Samba 3
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
OSV
CVE-2004-0882: Buffer overflow in the QFILEPATHINFO request handler in Samba 3
osv·2005-01-27·CVSS 10.0
CVE-2004-0882 [CRITICAL] CVE-2004-0882: Buffer overflow in the QFILEPATHINFO request handler in Samba 3
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Ubuntu
samba vulnerability
vendor_ubuntu·2004-11-18
CVE-2004-0882 samba vulnerability
Title: samba vulnerability
Summary: samba vulnerability
During an audit of the Samba 3.x code base Stefan Esser discovered a
Unicode file name buffer overflow within the handling of
TRANSACT2_QFILEPATHINFO replies. A malicious samba user with write
access to a share could exploit this by creating specially crafted
path names (files with very long names containing Unicode characters)
that would overflow an internal buffer and could lead to remote
execution of arbitrary code with the privileges of the samba server.
Since the samba server usually (by default) runs as root, this flaw
can lead to privilege escalation and unbounded system compromise.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-11-15·CVSS 10.0
CVE-2004-0882 [CRITICAL] security flaw
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Debian
CVE-2004-0882: samba - Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0....
vendor_debian·2004·CVSS 10.0
CVE-2004-0882 [CRITICAL] CVE-2004-0882: samba - Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0....
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Scope: local
bookworm: resolved (fixed in 3.0.7)
bullseye: resolved (fixed in 3.0.7)
forky: resolved (fixed in 3.0.7)
sid: resolved (fixed in 3.0.7)
trixie: resolved (fixed in 3.0.7)
No detection rules found.
No public exploits indexed.
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
http://marc.info/?l=bugtraq&m=110054671403755&w=2
http://marc.info/?l=bugtraq&m=110055646329581&w=2
http://marc.info/?l=bugtraq&m=110330519803655&w=2
http://secunia.com/advisories/13189
http://security.e-matters.de/advisories/132004.html
http://securitytracker.com/id?1012235
http://www.ciac.org/ciac/bulletins/p-038.shtml
http://www.kb.cert.org/vuls/id/457622
http://www.novell.com/linux/security/advisories/2004_40_samba.html
http://www.osvdb.org/11782
http://www.trustix.net/errata/2004/0058/
https://exchange.xforce.ibmcloud.com/vulnerabilities/18070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9969