PT-2004-1873 · Samba · Samba

Published 2004-09-14 · Updated 2018-10-30 · CVE-2004-0808

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Samba versions 3.0.6 and earlier

Description

This is a denial-of-service flaw: the process_logon_packet function in the nmbd server does not properly validate the size of a UDP packet. An attacker can send a malformed SAM_UAS_CHANGE request that claims a large number of structures but contains fewer, causing the daemon to reference memory outside of the packet and possibly crash. The result is a loss of availability for Samba's nmbd daemon.

Recommendations

For Samba versions 3.0.6 and earlier, consider disabling the process_logon_packet function or restricting the handling of SAM_UAS_CHANGE requests until a fix is available. Additionally, ensure that packet sizes are properly validated so that the daemon cannot reference memory outside of the packet. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
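
The size check described above, as an added C example that is not Samba's code and not part of the original advisory. The packet layout (a 2-byte little-endian record count followed by 8-byte records), the function names and the sample packets are assumptions constructed for illustration and do not reflect the real SAM_UAS_CHANGE wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (constructed, not Samba's wire format):
 * bytes 0-1 = record count, little-endian; then count records of REC_SIZE. */
#define HDR_SIZE 2u
#define REC_SIZE 8u

/* Constructed sample: claims 2 records and carries 2 (2 + 16 bytes). */
static const uint8_t pkt_ok[18] = { 0x02, 0x00, [2] = 0x01, [10] = 0x02 };
/* Constructed sample: claims 1024 records but carries only 1 (2 + 8 bytes). */
static const uint8_t pkt_bad[10] = { 0x00, 0x04, [2] = 0x01 };

/* Return the record count if every claimed record lies inside the packet,
 * or -1 if the packet is too short or claims more than it contains. */
int validate_record_count(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < HDR_SIZE)
        return -1;
    size_t claimed = (size_t)pkt[0] | ((size_t)pkt[1] << 8);
    /* Divide rather than multiply, so the comparison cannot overflow. */
    size_t available = (len - HDR_SIZE) / REC_SIZE;
    return claimed > available ? -1 : (int)claimed;
}

/* Sum the first byte of each record, touching memory only after the
 * claimed count has been checked against the real packet length. */
long sum_record_tags(const uint8_t *pkt, size_t len)
{
    int n = validate_record_count(pkt, len);
    if (n < 0)
        return -1; /* drop the malformed packet instead of reading past it */
    long sum = 0;
    for (int i = 0; i < n; i++)
        sum += pkt[HDR_SIZE + (size_t)i * REC_SIZE];
    return sum;
}

int main(void)
{
    printf("well-formed: %ld\n", sum_record_tags(pkt_ok, sizeof pkt_ok));
    printf("malformed:   %ld\n", sum_record_tags(pkt_bad, sizeof pkt_bad));
    return 0;
}
```

The count is compared against the bytes actually received before any record is read, which is the validation step the recommendation calls for.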

Related identifiers

CVE-2004-0808
RHSA-2004:467

Affected products

Samba