
Test ID:
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2004:632

The remote host is missing updates announced in
advisory RHSA-2004:632.

Samba provides file and printer sharing services to SMB/CIFS clients.

During a code audit, Stefan Esser discovered a buffer overflow in Samba
versions prior to 3.0.8 when handling Unicode filenames. An authenticated
remote user could exploit this bug, which may lead to arbitrary code
execution on the server. The Common Vulnerabilities and Exposures project
has assigned the name CVE-2004-0882 to this issue. Red Hat
believes that the Exec-Shield technology (enabled by default since Update
3) will block attempts to remotely exploit this vulnerability on x86

Additionally, a bug was found in the input validation routines in versions
of Samba prior to 3.0.8 that caused the smbd process to consume abnormal
amounts of system memory. An authenticated remote user could exploit this
bug to cause a denial of service. The Common Vulnerabilities and Exposures
project has assigned the name CVE-2004-0930 to this issue.

Users of Samba should upgrade to these updated packages, which contain
backported security patches, and are not vulnerable to these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0882
Bugtraq: 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow
Bugtraq: 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd
Bugtraq: 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba)
CERT/CC vulnerability note: VU#457622
Computer Incident Advisory Center Bulletin: P-038
Conectiva Linux advisory: CLA-2004:899
SCO Security Bulletin: SCOSA-2005.17
SGI Security Advisory: 20041201-01-P
SuSE Security Announcement: SUSE-SA:2004:040
XForce ISS Database: samba-qfilepathinfo-bo(18070)
Common Vulnerability Exposure (CVE) ID: CVE-2004-0930
BugTraq ID: 11624
Bugtraq: 20041108 [SECURITY] CAN-2004-0930: Potential Remote Denial of Service Vulnerability
XForce ISS Database: samba-msfnmatch-dos(17987)
Copyright: Copyright (c) 2005 E-Soft Inc.
