PT-2004-1071 · Samba Team+1 · Samba-Swat+4

Published: 2004-11-16 · Updated: 2017-10-11 · CVE-2004-0930

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions 3.0.0 through 3.0.7
Samba Server versions 3.0.0 through 3.0.7
samba-swat version 3.0.7
samba-common version 3.0.7
samba-client version 3.0.7

Description

The issue is caused by an input validation error in the ms_fnmatch() function when it matches filenames containing wildcard characters. It can be exploited via multiple specially crafted commands to consume a large amount of CPU resources, potentially causing the server to stop responding entirely. Exploitation can be done remotely.

Recommendations

For Samba versions 3.0.0 through 3.0.7, consider disabling the ms_fnmatch() function until a patch is available. For Samba Server versions 3.0.0 through 3.0.7, restrict access to the server to minimize the risk of exploitation. For samba-swat, samba-common, and samba-client version 3.0.7, avoid using wildcard characters in filenames until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related identifiers

BDU:2015-06508
BDU:2015-06513
BDU:2015-06518
BDU:2015-06526
CVE-2004-0930
RHSA-2004:632

Affected products

Samba
Sambar Server
Samba-Client
Samba-Common
Samba-Swat