Description
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Product(s):
- Samba 3.0.0
- Samba 3.0.1
- Samba 3.0.2
- Samba 3.0.2a
- Samba 3.0.3
- Samba 3.0.4
- Samba 3.0.4 release candidate 1
- Samba 3.0.5
- Samba 3.0.6
- Samba 3.0.7
- Conectiva Linux 10.0
- Red Hat Enterprise Linux 2.1 Advanced Server
- Red Hat Enterprise Linux 2.1 Advanced Server IA64
- Red Hat Enterprise Linux 2.1 Enterprise Server
- Red Hat Enterprise Linux 2.1 Enterprise Server IA64
- Red Hat Enterprise Linux 2.1 Workstation
- Red Hat Enterprise Linux 2.1 Workstation IA64
- Red Hat Enterprise Linux 3.0 Advanced Server Edition
- Red Hat Enterprise Linux 3.0 Enterprise Server Edition
- Red Hat Enterprise Linux 3.0 Workstation Server Edition
- Red Hat Desktop 3.0
- Red Hat Fedora Core Core 2.0
- Red Hat Fedora Core Core 3.0
- Red Hat Linux Advanced Workstation 2.1 on IA64
- Red Hat Linux Advanced Workstation 2.1 on Itanium Processor
- Ubuntu Linux 4.1 on IA64
- Ubuntu Linux 4.1 on PPC
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-0882, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-0882 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.