CVSS: 10.0EPSS: 11%CPEs: 53EXPL: 0CVE-2004-1154
https://notcve.org/view.php?id=CVE-2004-1154
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://secunia.com/advisories/13453 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1 http://www.debian.org/security/2005/dsa-701 http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities http://www.kb.cert.org/vuls/id/226184 ht •
CVSS: 7.5EPSS: 86%CPEs: 20EXPL: 1CVE-2004-0815
https://notcve.org/view.php?id=CVE-2004-0815
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. La función unix_clena_name en Samba 2.2.x a 2.2.11, y 3.0.x anterirores a 3.0.2a, recorta ciertos nombres de directorio a sus rutas absolutas, lo que podría permitir a atacantes evitar la restricticiones de espeficadas de lectura, ejecución y listado de carpetas compartidas mediante secuencias del estilo "/.////" en rutas. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873 http://marc.info/?l=bugtraq&m=109655827913457&w=2 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1 http://sunsolve.sun.com/search/document.do? •
CVSS: 5.0EPSS: 55%CPEs: 39EXPL: 0CVE-2004-0829
https://notcve.org/view.php?id=CVE-2004-0829
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. • http://samba.org/samba/history/samba-2.2.11.html http://seclists.org/lists/bugtraq/2004/Sep/0003.html http://www.gentoo.org/security/en/glsa/glsa-200409-14.xml http://www.trustix.org/errata/2004/0043 https://exchange.xforce.ibmcloud.com/vulnerabilities/17138 •
CVSS: 5.0EPSS: 79%CPEs: 5EXPL: 0CVE-2004-0686
https://notcve.org/view.php?id=CVE-2004-0686
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. Desbordamiento de búfer en Samba 2.2.x a 2.2.9 y 3.0.0 a 3.0.4, cuando la opción "mangling method = hash" está establecida en smb.conf, con impacto y vectores de ataque desconocidos. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854 http://marc.info/?l=bugtraq&m=109051340810458&w=2 http://marc.info/?l=bugtraq&m=109051533021376&w=2 http://marc.info/? •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 2CVE-2004-0186 – Samba 2.2.8 (Linux Kernel 2.6 / Debian / Mandrake) - Share Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-0186
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. smbmnt en Samba 2.0 y 3.0 para Linux 2.6, cuando se instala con setuid, permite a usuarios locales ganar privilegios de root montando un recurso compartido de Samba que contiene un programa con setuid de root, cuyos atributos no se limpian cuando el recurso compartido es eliminado. • https://www.exploit-db.com/exploits/23674 http://marc.info/?l=bugtraq&m=107636290906296&w=2 http://marc.info/?l=bugtraq&m=107657505718743&w=2 http://www.debian.org/security/2004/dsa-463 http://www.osvdb.org/3916 http://www.securityfocus.com/bid/9619 https://exchange.xforce.ibmcloud.com/vulnerabilities/15131 •