CVE-2004-0930
published 2005-01-27CVE-2004-0930: The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption)…
PriorityP418medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
4.91%
91.0th percentile
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| conectiva | linux | — | — |
| debian | samba | < samba 3.0.8-1 (bookworm) | samba 3.0.8-1 (bookworm) |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | fedora_core | — | — |
| redhat | fedora_core | — | — |
| redhat | linux_advanced_workstation | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | — | — |
| samba | samba | >= 0 < 3.0.8-1 | 3.0.8-1 |
| samba | samba | >= 0 < 3.0.8-1 | 3.0.8-1 |
| samba | samba | >= 0 < 3.0.8-1 | 3.0.8-1 |
| samba | samba | >= 0 < 3.0.8-1 | 3.0.8-1 |
| sgi | samba | — | — |
| sgi | samba | — | — |
| sgi | samba | — | — |
| sgi | samba | — | — |
| sgi | samba | — | — |
| sgi | samba | — | — |
| sgi | samba | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7hm7-fv7g-c6pr: The ms_fnmatch function in Samba 3
ghsa_unreviewed·2022-05-03
CVE-2004-0930 [MEDIUM] GHSA-7hm7-fv7g-c6pr: The ms_fnmatch function in Samba 3
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
OSV
CVE-2004-0930: The ms_fnmatch function in Samba 3
osv·2005-01-27·CVSS 5.0
CVE-2004-0930 [MEDIUM] CVE-2004-0930: The ms_fnmatch function in Samba 3
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
Ubuntu
samba vulnerability
vendor_ubuntu·2004-11-10
CVE-2004-0930 samba vulnerability
Title: samba vulnerability
Summary: samba vulnerability
Karol Wiesek discovered a Denial of Service vulnerability in samba. A
flaw in the input validation routines used to match filename strings
containing wildcard characters may allow a remote user to consume more
than normal amounts of CPU resources, thus impacting the performance
and response of the server. In some circumstances the server can
become entirely unresponsive.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-11-08·CVSS 5.0
CVE-2004-0930 [MEDIUM] security flaw
security flaw
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
Debian
CVE-2004-0930: samba - The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions all...
vendor_debian·2004·CVSS 5.0
CVE-2004-0930 [MEDIUM] CVE-2004-0930: samba - The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions all...
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
Scope: local
bookworm: resolved (fixed in 3.0.8-1)
bullseye: resolved (fixed in 3.0.8-1)
forky: resolved (fixed in 3.0.8-1)
sid: resolved (fixed in 3.0.8-1)
trixie: resolved (fixed in 3.0.8-1)
No detection rules found.
No public exploits indexed.
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txtftp://patches.sgi.com/support/free/security/advisories/20041201-01-Phttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.htmlhttp://marc.info/?l=bugtraq&m=109993720717957&w=2http://marc.info/?l=bugtraq&m=110330519803655&w=2http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1http://www.gentoo.org/security/en/glsa/glsa-200411-21.xmlhttp://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=falsehttp://www.mandriva.com/security/advisories?name=MDKSA-2004:131http://www.novell.com/linux/security/advisories/2004_40_samba.htmlhttp://www.securityfocus.com/bid/11624https://exchange.xforce.ibmcloud.com/vulnerabilities/17987https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936https://www.ubuntu.com/usn/usn-22-1/ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txtftp://patches.sgi.com/support/free/security/advisories/20041201-01-Phttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.htmlhttp://marc.info/?l=bugtraq&m=109993720717957&w=2http://marc.info/?l=bugtraq&m=110330519803655&w=2http://sunsolve.sun.com/search/document.do?assetkey=1-26-101783-1http://www.gentoo.org/security/en/glsa/glsa-200411-21.xmlhttp://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=falsehttp://www.mandriva.com/security/advisories?name=MDKSA-2004:131http://www.novell.com/linux/security/advisories/2004_40_samba.htmlhttp://www.securityfocus.com/bid/11624https://exchange.xforce.ibmcloud.com/vulnerabilities/17987https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10936https://www.ubuntu.com/usn/usn-22-1/
2005-01-27
Published