CVE-2004-0807

Name of the Vulnerable Software and Affected Versions Samba versions 3.0.6 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and memory exhaustion. This is triggered by sending certain malformed requests that cause new processes to be spawned, or by sending specially crafted packets to the smbd daemon during the ASN.1 parsing routine, causing many processes to spawn and resulting in a loss of availability for the platform.

Recommendations For Samba versions 3.0.6 and earlier, consider restricting access to the smbd daemon to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider implementing configuration changes to limit the number of processes that can be spawned by the smbd daemon.