Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2004-1154

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Related bugs and status

CVE-2004-1154 (Candidate) is related to these bugs:

Bug #11243: samba: Integer overflow could lead to remote code execution in Samba

Summary				In	Importance	Status
	11243	samba: Integer overflow could lead to remote code execution in Samba		samba (Ubuntu)	High	Fix Released
	11243	samba: Integer overflow could lead to remote code execution in Samba		samba (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.samba.org/s...
APPLE: APPLE-SA-2005-03-21
DEBIAN: DSA-701
REDHAT: RHSA-2005:020
SCO: SCOSA-2005.17
SUSE: SUSE-SA:2004:045
CERT-VN: VU#226184
SECUNIA: 13453
BID: 11973
SUNALERT: 101643
SUNALERT: 57730
IDEFENSE: 20041216 Samba smbd Se...
XF: samba-msrpc-heap-corru...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...