CVE-2004-1154: Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

25 documents, 9 sources

Severity: 10.0 CRITICAL (NVD)
EPSS: 27.8% (top 3.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 10; latest update May 3

Description

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (5 packages)

Debian: samba/samba, < 3.0.10-1 (+3)
NVD: samba/samba, 39 versions (+38)
NVD: suse/suse_linux, 6 versions (+5)
NVD: redhat/fedora_core, core_2.0, core_3.0 (+1)
NVD: trustix/secure_linux, 2.0, 2.1, 2.2 (+2)

🔴 Vulnerability Details (3)

GHSA: GHSA-66r5-q794-943w: Integer overflow in the Samba daemon (smbd) in Samba 2 (2022-05-03)
OSV: CVE-2004-1154: Integer overflow in the Samba daemon (smbd) in Samba 2 (2005-01-10)
CVEList: CVE-2004-1154: Integer overflow in the Samba daemon (smbd) in Samba 2 (2004-12-22)

🔍 Detection Rules (16)

Suricata: GPL NETBIOS SMB NT Trans NT CREATE unicode oversized Security Descriptor attempt (2010-09-23)
Suricata: GPL NETBIOS SMB NT Trans NT CREATE andx oversized Security Descriptor attempt (2010-09-23)
Suricata: GPL NETBIOS SMB NT Trans NT CREATE SACL overflow attempt (2010-09-23)
Suricata: GPL NETBIOS SMB-DS NT Trans NT CREATE unicode DACL overflow attempt (2010-09-23)
Suricata: GPL NETBIOS SMB-DS NT Trans NT CREATE unicode SACL overflow attempt (2010-09-23)

📋 Vendor Advisories (3)

Ubuntu: Samba vulnerability (2004-12-18)
Red Hat: security flaw (2004-12-16)
Debian: CVE-2004-1154: samba - Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9... (2004)

💬 Community (1)

Bugzilla: CVE-2004-1154 security flaw (2018-08-16)