PT-2004-1076 · Samba+1 · Samba+1
Greg Macmanus · Published 2004-12-22 · Updated 2021-03-25 · CVE-2004-1154
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Samba versions 2.0.x through 3.0.9
Samba Server versions 2.2.x
Samba Server version 3.0.0 through 3.0.9
Description
The issue is caused by an integer overflow in the Samba daemon (smbd) that allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors, which triggers a heap-based buffer overflow. This can lead to controllable heap corruption, allowing an attacker to gain root privileges on a vulnerable system. Exploitation requires credentials that allow access to a share on the Samba server. Unsuccessful exploitation attempts may crash the process serving the request and leave evidence of an attack in the logs.
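The bug class described above (an element count from a request multiplied into an allocation size that wraps), shown as an added example next to a checked version; this is not Samba's code. `struct entry`, the function names and the `max_bytes` cap are hypothetical, and the 32-bit wrap is modelled explicitly with `uint32_t` arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical fixed-size record standing in for one descriptor entry. */
struct entry { uint32_t type, flags, mask, id; };
_Static_assert(sizeof(struct entry) == 16, "example assumes 16-byte entries");

/* Unchecked pattern: the byte count is computed in 32 bits, so a large
 * request-supplied count wraps to a small size. A buffer of that size is
 * then too small for the loop that later fills `count` entries. */
uint32_t unchecked_alloc_size(uint32_t count)
{
    return count * (uint32_t)sizeof(struct entry);
}

/* Checked pattern: refuse counts whose byte size would overflow size_t
 * or exceed a protocol-level cap. Returns 0 and sets *out on success. */
int checked_alloc_size(uint32_t count, size_t max_bytes, size_t *out)
{
    if (count == 0)
        return -1;
    if (count > SIZE_MAX / sizeof(struct entry))
        return -1;                      /* multiplication would wrap */
    size_t n = (size_t)count * sizeof(struct entry);
    if (n > max_bytes)
        return -1;                      /* larger than any sane request */
    *out = n;
    return 0;
}

/* Allocation gated on the check; calloc() re-validates count * size. */
struct entry *alloc_entries(uint32_t count, size_t max_bytes)
{
    size_t n;
    if (checked_alloc_size(count, max_bytes, &n) != 0)
        return NULL;
    return calloc(count, sizeof(struct entry));
}
```
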
Recommendations
For Samba versions 2.0.x through 3.0.9, update to a version later than 3.0.9 to resolve the issue.
For Samba Server versions 2.2.x, update to a version later than 3.0.9 to resolve the issue.
For Samba Server version 3.0.0 through 3.0.9, update to a version later than 3.0.9 to resolve the issue.
As a temporary workaround, consider restricting access to the Samba server to minimize the risk of exploitation.
Affected Products
Alt Linux
Samba