Vulnerability Note VU#726198

SMB filesystem read system call vulnerable to buffer overflow

Original Release date: 01 Feb 2005 | Last revised: 19 Apr 2006


The SMB filesystem read() system call contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition.


Server Message Block (SMB) is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem is a network filesystem built on the SMB protocol. A lack of bounds checking in the read() system call may allow a buffer overflow to occur. When a request is made to an SMB server, the read() system call on the SMB client's system expects to receive a pre-specified amount of data. If more data is supplied to the read() call than expected, the buffer overflow will occur. Note that it may be possible for a remote attacker to set up a malicious SMB server to exploit this vulnerability.

More detailed information is available in e-matters security advisory 14/2004.
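The bounds check whose absence is described above, shown in hardened form as an added example (not code from the Linux kernel or from the referenced advisory). The reply layout, the function names and the `demo` helper are constructed for illustration and are not the real SMB wire format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified read reply (NOT the real SMB wire layout):
 *   bytes 0-1  data_len, little-endian, chosen by the server
 *   bytes 2-3  data_off, little-endian, payload offset inside the reply */
#define REPLY_HDR_LEN 4
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Copy a read reply's payload into buf, which was sized for `requested`
 * bytes. Returns bytes copied, or -1 for a malformed or oversized reply. */
long read_reply_checked(const uint8_t *reply, size_t reply_len,
                        uint8_t *buf, size_t requested)
{
    if (reply_len < REPLY_HDR_LEN)
        return -1;                              /* truncated header */
    size_t data_len = le16(reply);
    size_t data_off = le16(reply + 2);
    /* The server-chosen length must never exceed what the client asked
     * for; this is the kind of bounds check the note says was missing. */
    if (data_len > requested)
        return -1;
    /* The payload must also lie entirely inside the bytes received. */
    if (data_off < REPLY_HDR_LEN || data_off > reply_len ||
        data_len > reply_len - data_off)
        return -1;
    memcpy(buf, reply + data_off, data_len);
    return (long)data_len;
}

/* Hypothetical helper: build a reply that claims `claimed` payload bytes
 * but carries `carried`, and parse it into a 16-byte destination. */
long demo(uint16_t claimed, size_t carried, size_t requested)
{
    uint8_t reply[REPLY_HDR_LEN + 64] = {0}, buf[16];
    if (carried > 64 || requested > sizeof buf) return -2; /* demo limits */
    reply[0] = (uint8_t)(claimed & 0xff);
    reply[1] = (uint8_t)(claimed >> 8);
    reply[2] = REPLY_HDR_LEN;                   /* payload follows the header */
    memset(reply + REPLY_HDR_LEN, 'A', carried);
    return read_reply_checked(reply, REPLY_HDR_LEN + carried, buf, requested);
}

int main(void)
{
    printf("%ld %ld %ld\n", demo(8, 8, 16), demo(32, 32, 16), demo(8, 4, 16));
    return 0;
}
```

A short read is accepted, while a reply that supplies more than was requested, or claims more payload than the packet carries, is rejected before any copy takes place.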


A remote attacker may be able to cause a denial-of-service condition. In addition, an attacker may be able to execute arbitrary code on the vulnerable system. However, this possibility is unconfirmed.


Upgrade Your Linux Kernel

This vulnerability was corrected in version 2.4.28 of the kernel. Users are encouraged to upgrade to this version.

Contact Your Vendor

Users who suspect they are vulnerable are encouraged to check with their Linux vendor to determine the appropriate action to take.

Systems Affected

Vendor                    Status        Date Notified  Date Updated
Samba Team                Affected      -              18 Nov 2004
SUSE Linux                Affected      02 Feb 2005    07 Feb 2005
Apple Computer, Inc.      Not Affected  02 Feb 2005    19 Apr 2006
Hitachi                   Not Affected  02 Feb 2005    25 Mar 2005
Juniper Networks, Inc.    Not Affected  02 Feb 2005    02 Feb 2005
NetBSD                    Not Affected  02 Feb 2005    02 Feb 2005
Cray Inc.                 Unknown       -              02 Feb 2005
Debian Linux              Unknown       -              02 Feb 2005
EMC Corporation           Unknown       02 Feb 2005    02 Feb 2005
Engarde                   Unknown       02 Feb 2005    02 Feb 2005
F5 Networks, Inc.         Unknown       02 Feb 2005    02 Feb 2005
FreeBSD, Inc.             Unknown       02 Feb 2005    02 Feb 2005
Fujitsu                   Unknown       02 Feb 2005    02 Feb 2005
Hewlett-Packard Company   Unknown       02 Feb 2005    02 Feb 2005
IBM-zSeries               Unknown       02 Feb 2005    02 Feb 2005
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported by Stefan Esser.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2004-0883
  • Date Public: 17 Nov 2004
  • Date First Published: 01 Feb 2005
  • Date Last Updated: 19 Apr 2006
  • Severity Metric: 1.06
  • Document Revision: 95


If you have feedback, comments, or additional information about this vulnerability, please send us email.