CVE-2004-0807 : Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (in

Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

Published 2004-09-13 04:00:00

Updated 2017-10-11 01:29:35

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2004-0807

SGI » Samba » Version: 3.0.2 Irix Edition
cpe:2.3:a:sgi:samba:3.0.2:*:irix:*:*:*:*:*
Matching versions
SGI » Samba » Version: 3.0.3 Irix Edition
cpe:2.3:a:sgi:samba:3.0.3:*:irix:*:*:*:*:*
Matching versions
SGI » Samba » Version: 3.0.1 Irix Edition
cpe:2.3:a:sgi:samba:3.0.1:*:irix:*:*:*:*:*
Matching versions
SGI » Samba » Version: 3.0.4 Irix Edition
cpe:2.3:a:sgi:samba:3.0.4:*:irix:*:*:*:*:*
Matching versions
SGI » Samba » Version: 3.0.5 Irix Edition
cpe:2.3:a:sgi:samba:3.0.5:*:irix:*:*:*:*:*
Matching versions
SGI » Samba » Version: 3.0.6 Irix Edition
cpe:2.3:a:sgi:samba:3.0.6:*:irix:*:*:*:*:*
Matching versions
SGI » Samba » Version: 3.0 Irix Edition
cpe:2.3:a:sgi:samba:3.0:*:irix:*:*:*:*:*
Matching versions
Mandrakesoft » Mandrake Linux » Version: 10.0
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
Matching versions
Mandrakesoft » Mandrake Linux » Version: 10.0 Amd64 Edition
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.1
cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.0
cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8 Enterprise Server Edition
cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 8.2
cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.0 X86 64 Edition
cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.1
cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*
Matching versions
Suse » Suse Linux » Version: 9.0 Enterprise Server Edition
cpe:2.3:o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.1
cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.0
cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.2
cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.2a
cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.3
cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.4
cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.6
cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.4 Update RC1
cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.5
cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 9.0
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
Matching versions
Conectiva » Linux » Version: 10.0
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0807

EPSS FAQ

7.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0807

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2004-0807

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873

CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
Patch;Vendor Advisory

CVEs referencing this url
http://www.idefense.com/application/poi/display?id=139&type=vulnerabilities

U.S. | Let There Be Change | Accenture
Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11141

404 Not Found
http://www.redhat.com/support/errata/RHSA-2004-467.html

Support
Patch;Vendor Advisory

CVEs referencing this url
http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml

Samba: Denial of Service vulnerabilities (GLSA 200409-16) — Gentoo security
Patch;Vendor Advisory

CVEs referencing this url
http://www.trustix.net/errata/2004/0046/

Patch;Vendor Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=109526231623307&w=2

'[OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba)' - MARC

CVEs referencing this url
http://marc.info/?l=bugtraq&m=109509335230495&w=2

'Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808)' - MARC

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2004-0807

Products affected by CVE-2004-0807

Exploit prediction scoring system (EPSS) score for CVE-2004-0807

CVSS scores for CVE-2004-0807

References for CVE-2004-0807