VDB
CVE-2004-0882
CVE-2004-0882
PUBLISHED
CVSS 10 CRITICAL
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
EPSS 46.75% · 97.7th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
46.75%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | enterprise_linux_desktop | 3.0 |
| n/a | n/a | n/a |
| conectiva | linux | 10.0 |
| redhat | fedora_core | core_3.0, core_2.0 |
| redhat | enterprise_linux | 3.0, 2.1, 3.0 |
| samba | samba | 3.0.4, 3.0.0, 3.0.1 |
| redhat | linux_advanced_workstation | 2.1, 2.1 |
| ubuntu | ubuntu_linux | 4.1, 4.1 |
Timeline
- CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 1012235 vdb
- 20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd mailing-list
- 20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba) mailing-list
- samba-qfilepathinfo-bo(18070) vdb
- VU#457622 third-party-advisory
- CLA-2004:899 vendor-advisory
- 13189 third-party-advisory
- http://security.e-matters.de/advisories/132004.html url
- 20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow mailing-list
- oval:org.mitre.oval:def:9969 vdb
- APPLE-SA-2005-03-21 vendor-advisory
- 2004-0058 vendor-advisory
- 11782 vdb
- 20041201-01-P vendor-advisory
- P-038 third-party-advisory
- SUSE-SA:2004:040 vendor-advisory
- SCOSA-2005.17 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2004-0882 advisory
- http://www.trustix.net/errata/2004/0058 url