CVE-2004-0808 : The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier

The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.

Published 2004-12-31 05:00:00

Updated 2025-04-03 01:03:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2004-0808

Samba » Samba » Version: 3.0.1
cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.0
cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.2
cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.2a
cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.3
cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.4
cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.6
cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.4 Update RC1
cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
Matching versions
Samba » Samba » Version: 3.0.5
cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0808

EPSS FAQ

7.87%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0808

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2004-0808

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873

CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
Patch

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2004-467.html

Support
Patch;Vendor Advisory

CVEs referencing this url
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:092

CVEs referencing this url
http://www.idefense.com/application/poi/display?id=138&type=vulnerabilities

U.S. | Let There Be Change | Accenture
Patch;Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200409-16.xml

Samba: Denial of Service vulnerabilities (GLSA 200409-16) — Gentoo security
Patch;Vendor Advisory

CVEs referencing this url
http://www.trustix.net/errata/2004/0046/

Patch;Vendor Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=109526231623307&w=2

'[OpenPKG-SA-2004.040] OpenPKG Security Advisory (samba)' - MARC

CVEs referencing this url
http://marc.info/?l=bugtraq&m=109509335230495&w=2

'Samba 3.0 DoS Vulberabilities (CAN-2004-0807 & CAN-2004-0808)' - MARC

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10344

404 Not Found

Jump to

Vulnerability Details : CVE-2004-0808

Products affected by CVE-2004-0808

Exploit prediction scoring system (EPSS) score for CVE-2004-0808

CVSS scores for CVE-2004-0808

References for CVE-2004-0808