CVE-2004-0883 - OpenCVE

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Linux Desktop Fedora Core Linux Advanced Workstation
Suse	Suse Linux
Trustix	Secure Linux
Ubuntu	Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel:2.4.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.0:test1::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test10::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test11::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test12::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test2::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test3::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test4::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test5::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test6::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test7::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test8::::::
	cpe:2.3:o:linux:linux_kernel:2.4.0:test9::::::
	cpe:2.3:o:linux:linux_kernel:2.4.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.9:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.13:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.14:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.15:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.18::x86:::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre1::::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre2::::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre3::::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre4::::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre5::::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre6::::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre7::::::
	cpe:2.3:o:linux:linux_kernel:2.4.18:pre8::::::
	cpe:2.3:o:linux:linux_kernel:2.4.19:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.19:pre1::::::
	cpe:2.3:o:linux:linux_kernel:2.4.19:pre2::::::
	cpe:2.3:o:linux:linux_kernel:2.4.19:pre3::::::
	cpe:2.3:o:linux:linux_kernel:2.4.19:pre4::::::
	cpe:2.3:o:linux:linux_kernel:2.4.19:pre5::::::
	cpe:2.3:o:linux:linux_kernel:2.4.19:pre6::::::
	cpe:2.3:o:linux:linux_kernel:2.4.20:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.21:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.21:pre1::::::
	cpe:2.3:o:linux:linux_kernel:2.4.21:pre4::::::
	cpe:2.3:o:linux:linux_kernel:2.4.21:pre7::::::
	cpe:2.3:o:linux:linux_kernel:2.4.22:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.23:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.23:pre9::::::
	cpe:2.3:o:linux:linux_kernel:2.4.23_ow2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.24:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.24_ow1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.25:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.26:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.27:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.27:pre1::::::
	cpe:2.3:o:linux:linux_kernel:2.4.27:pre2::::::
	cpe:2.3:o:linux:linux_kernel:2.4.27:pre3::::::
cpe:2.3:o:linux:linux_kernel:2.4.27:pre4::::::
cpe:2.3:o:linux:linux_kernel:2.4.27:pre5::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.0:test1::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test10::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test11::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test2::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test3::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test4::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test5::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test6::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test7::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test8::::::
cpe:2.3:o:linux:linux_kernel:2.6.0:test9::::::
cpe:2.3:o:linux:linux_kernel:2.6.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.1:rc2::::::
cpe:2.3:o:linux:linux_kernel:2.6.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.6:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.7:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.8:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.8:rc1::::::
cpe:2.3:o:linux:linux_kernel:2.6.8:rc2::::::
cpe:2.3:o:linux:linux_kernel:2.6.8:rc3::::::
cpe:2.3:o:linux:linux_kernel:2.6.9:2.6.20::::::
cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::*
cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_2.0:::::::*
cpe:2.3:o:redhat:fedora_core:core_3.0:::::::*
cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
cpe:2.3:o:suse:suse_linux:1.0::desktop:::::
cpe:2.3:o:suse:suse_linux:8::enterprise_server:::::
cpe:2.3:o:suse:suse_linux:8.1:::::::*
cpe:2.3:o:suse:suse_linux:8.2:::::::*
cpe:2.3:o:suse:suse_linux:9.0:::::::*
cpe:2.3:o:suse:suse_linux:9.0::enterprise_server:::::
cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
cpe:2.3:o:suse:suse_linux:9.1:::::::*
cpe:2.3:o:suse:suse_linux:9.2:::::::*
cpe:2.3:o:trustix:secure_linux:1.5:::::::*
cpe:2.3:o:trustix:secure_linux:2.0:::::::*
cpe:2.3:o:trustix:secure_linux:2.1:::::::*
cpe:2.3:o:trustix:secure_linux:2.2:::::::*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
kernel-0:2.4.21-20.0.1.EL	cpe:/o:redhat:enterprise_linux:3	RHSA-2004:549	2004-12-02T00:00:00Z
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:504	2004-12-13T00:00:00Z
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:505	2004-12-13T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:505	2004-12-13T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:505	2004-12-13T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2004:504	2004-12-13T00:00:00Z

References

Link	Providers
http://marc.info/?l=bugtraq&m=110072140811965&w=2
http://marc.info/?l=bugtraq&m=110082989725345&w=2
http://secunia.com/advisories/13232/
http://secunia.com/advisories/20162
http://secunia.com/advisories/20163
http://secunia.com/advisories/20202
http://secunia.com/advisories/20338
http://security.e-matters.de/advisories/142004.html
http://www.debian.org/security/2006/dsa-1067
http://www.debian.org/security/2006/dsa-1069
http://www.debian.org/security/2006/dsa-1070
http://www.debian.org/security/2006/dsa-1082
http://www.kb.cert.org/vuls/id/726198
http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
http://www.redhat.com/support/errata/RHSA-2004-504.html
http://www.redhat.com/support/errata/RHSA-2004-505.html
http://www.redhat.com/support/errata/RHSA-2004-537.html
http://www.securityfocus.com/bid/11695
https://bugzilla.fedora.us/show_bug.cgi?id=2336
https://exchange.xforce.ibmcloud.com/vulnerabilities/18134
https://exchange.xforce.ibmcloud.com/vulnerabilities/18135
https://exchange.xforce.ibmcloud.com/vulnerabilities/18136
https://nvd.nist.gov/vuln/detail/CVE-2004-0883
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10330
https://www.cve.org/CVERecord?id=CVE-2004-0883

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-12-01T05:00:00

Updated: 2024-08-08T00:31:47.956Z

Reserved: 2004-09-22T00:00:00

Link: CVE-2004-0883

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-01-10T05:00:00.000

Modified: 2017-10-11T01:29:36.200

Link: CVE-2004-0883

Redhat

Severity : Important

Publid Date: 2004-11-12T00:00:00Z

Links: CVE-2004-0883 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object