CVE-2004-0949

Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.4 and 2.6 kernel-image-2.4.19-sun4u-smp kernel-image-2.4.18-powerpc-xfs kernel-image-2.4.18-sun4u kernel-patch-benh kernel-headers-2.4.19-sparc kernel-image-2.4.18-sun4u-smp kernel-headers-2.4.18-sparc kernel-image-2.4.19-sun4u

Description The issue is related to multiple vulnerabilities in the Linux kernel, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, the smb recv trans2 function call in the samba filesystem (smbfs) does not properly handle the re-assembly of fragmented packets, allowing remote samba servers to read arbitrary kernel information or raise a counter value to an arbitrary number.

Recommendations For Linux kernel versions 2.4 and 2.6, consider disabling the smb recv trans2 function call as a temporary workaround until a patch is available. For kernel-image-2.4.19-sun4u-smp, kernel-image-2.4.18-powerpc-xfs, kernel-image-2.4.18-sun4u, kernel-patch-benh, kernel-headers-2.4.19-sparc, kernel-image-2.4.18-sun4u-smp, kernel-headers-2.4.18-sparc, and kernel-image-2.4.19-sun4u, at the moment, there is no information about a newer version that contains a fix for this vulnerability.