CVE-2004-0186 - OpenCVE

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Samba	Samba

Configuration 1 [-]

OR	cpe:2.3:a:samba:samba:2.0:::::::*
	cpe:2.3:a:samba:samba:3.0.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.0:test1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test10::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test11::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test7::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test8::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test9::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=107636290906296&w=2
http://marc.info/?l=bugtraq&m=107657505718743&w=2
http://www.debian.org/security/2004/dsa-463
http://www.osvdb.org/3916
http://www.securityfocus.com/bid/9619
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T00:10:03.679Z

Reserved: 2004-03-02T00:00:00

Link: CVE-2004-0186

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-03-15T05:00:00.000

Modified: 2017-10-10T01:30:18.860

Link: CVE-2004-0186

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-02-09T00:00:00", "descriptions": [{"lang": "en", "value": "smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2004-08-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107657505718743&w=2"}, {"name": "3916", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/3916"}, {"name": "samba-smbmnt-gain-privileges(15131)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15131"}, {"name": "20040209 Samba 3.x + kernel 2.6.x local root vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=107636290906296&w=2"}, {"name": "DSA-463", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2004/dsa-463"}, {"name": "9619", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9619"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0186", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107657505718743&w=2"}, {"name": "3916", "refsource": "OSVDB", "url": "http://www.osvdb.org/3916"}, {"name": "samba-smbmnt-gain-privileges(15131)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15131"}, {"name": "20040209 Samba 3.x + kernel 2.6.x local root vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=107636290906296&w=2"}, {"name": "DSA-463", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-463"}, {"name": "9619", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9619"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:10:03.679Z"}, "title": "CVE Program Container", "references": [{"name": "20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107657505718743&w=2"}, {"name": "3916", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/3916"}, {"name": "samba-smbmnt-gain-privileges(15131)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15131"}, {"name": "20040209 Samba 3.x + kernel 2.6.x local root vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=107636290906296&w=2"}, {"name": "DSA-463", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2004/dsa-463"}, {"name": "9619", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9619"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0186", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2004-03-02T00:00:00", "dateUpdated": "2024-08-08T00:10:03.679Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "245628A9-A5DC-403F-A781-7A066E9ECC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F84FB25B-5EA5-48DC-B528-E8CCF714C919", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*", "matchCriteriaId": "7BCA84E2-AC4A-430D-8A30-E660D2A232A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*", "matchCriteriaId": "2255842B-34CD-4062-886C-37161A065703", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*", "matchCriteriaId": "F0ED322D-004C-472E-A37F-89B78C55FE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*", "matchCriteriaId": "412F7334-C46B-4F61-B38A-2CA56B498151", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*", "matchCriteriaId": "5967AF83-798D-4B1E-882A-5737FFC859C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*", "matchCriteriaId": "A90D2123-D55B-4104-8D82-5B6365AA3B77", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*", "matchCriteriaId": "DCCDFD49-D402-420E-92F5-20445A0FE139", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*", "matchCriteriaId": "2A073700-E8A9-4F76-9265-2BE0D5AC9909", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*", "matchCriteriaId": "8877D178-1655-46E9-8F5A-2DD576601F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*", "matchCriteriaId": "0D55059C-B867-4E0F-B29C-9CD2C86915A5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*", "matchCriteriaId": "8358E965-3689-4B05-8470-C4A1463FA0E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "D2A55C17-C530-4898-BC95-DE4D495F0D7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "2C14A949-E2B8-4100-8ED4-645CB996B08A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*", "matchCriteriaId": "608FDE1E-B02A-45A2-8877-0E52A5BD0963", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted."}, {"lang": "es", "value": "smbmnt en Samba 2.0 y 3.0 para Linux 2.6, cuando se instala con setuid, permite a usuarios locales ganar privilegios de root montando un recurso compartido de Samba que contiene un programa con setuid de root, cuyos atributos no se limpian cuando el recurso compartido es eliminado."}], "id": "CVE-2004-0186", "lastModified": "2017-10-10T01:30:18.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-03-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107636290906296&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=107657505718743&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.debian.org/security/2004/dsa-463"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/3916"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9619"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15131"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}