CVE-2004-0882

Name of the Vulnerable Software and Affected Versions Samba versions 3.0.0 through 3.0.7 Samba Server versions 3.0.0 through 3.0.7

Description The issue is caused by multiple vulnerabilities in the Samba package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in the QFILEPATHINFO request handler may allow remote attackers to execute arbitrary code via a TRANSACT2 QFILEPATHINFO request with a small "maximum data bytes" value. Successful exploitation requires a special pathname to exist or the user to have write permissions on a network share.

Recommendations For Samba versions 3.0.0 through 3.0.7, consider disabling the QFILEPATHINFO request handler until a patch is available. For Samba Server versions 3.0.0 through 3.0.7, restrict access to network shares to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.