Vulnerability Note VU#726198
SMB filesystem read system call vulnerable to buffer overflow
The SMB filesystem read() system call contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition.
Server Message Block (SMB) is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem is a network filesystem built on the SMB protocol. A lack of bounds checking in the read() system call may allow a buffer overflow to occur. When a request is made to an SMB server, the read() system call on the SMB client's system expects to receive a pre-specified amount of data. If more data is supplied to the read() call than expected, the buffer overflow will occur. Note that it may be possible for a remote attacker to set up a malicious SMB server to exploit this vulnerability.
More detailed information is available in e-matters security advisory 14/2004.
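The bounds check whose absence is described above, shown as a minimal C model. This is an added example, not the Linux kernel's smbfs code; the two-byte length header, the function name, the error codes and the sample packets are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, simplified reply layout (NOT the real SMB wire format):
 *   bytes 0-1  data_len, little-endian, chosen by the server
 *   bytes 2..  payload */
#define REPLY_HDR_LEN 2
enum { READ_ERR_TRUNCATED = -1, READ_ERR_OVERSIZE = -2 };

/* Constructed sample replies and a 4-byte client buffer. */
static const uint8_t SAMPLE_OK[]        = { 3, 0, 'a', 'b', 'c' };
static const uint8_t SAMPLE_OVERSIZE[]  = { 6, 0, 'a', 'b', 'c', 'd', 'e', 'f' };
static const uint8_t SAMPLE_TRUNCATED[] = { 5, 0, 'a' };
static uint8_t client_buf[4];

/* Copy a read reply's payload into dst, which holds `requested` bytes.
 * Returns the number of bytes copied, or a negative error code. */
long copy_read_reply(const uint8_t *pkt, size_t pkt_len,
                     uint8_t *dst, size_t requested)
{
    if (pkt_len < REPLY_HDR_LEN)
        return READ_ERR_TRUNCATED;

    size_t data_len = (size_t)pkt[0] | ((size_t)pkt[1] << 8);

    /* The length field must not claim more than the packet carries. */
    if (data_len > pkt_len - REPLY_HDR_LEN)
        return READ_ERR_TRUNCATED;

    /* The server-supplied length is untrusted: it must not exceed what
     * the client asked for. Short reads are fine. Without this test the
     * memcpy below would write past the end of dst. */
    if (data_len > requested)
        return READ_ERR_OVERSIZE;

    memcpy(dst, pkt + REPLY_HDR_LEN, data_len);
    return (long)data_len;
}

int main(void)
{
    long ok  = copy_read_reply(SAMPLE_OK, sizeof SAMPLE_OK,
                               client_buf, sizeof client_buf);
    long big = copy_read_reply(SAMPLE_OVERSIZE, sizeof SAMPLE_OVERSIZE,
                               client_buf, sizeof client_buf);
    return (ok == 3 && big == READ_ERR_OVERSIZE) ? 0 : 1;
}
```
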
A remote attacker may be able to cause a denial-of-service condition. In addition, an attacker may be able to execute arbitrary code on the vulnerable system. However, this possibility is unconfirmed.
Upgrade Your Linux Kernel
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Samba Team | Affected | - | 18 Nov 2004 |
| SUSE Linux | Affected | 02 Feb 2005 | 07 Feb 2005 |
| Apple Computer, Inc. | Not Affected | 02 Feb 2005 | 19 Apr 2006 |
| Hitachi | Not Affected | 02 Feb 2005 | 25 Mar 2005 |
| Juniper Networks, Inc. | Not Affected | 02 Feb 2005 | 02 Feb 2005 |
| NetBSD | Not Affected | 02 Feb 2005 | 02 Feb 2005 |
| Cray Inc. | Unknown | - | 02 Feb 2005 |
| Debian Linux | Unknown | - | 02 Feb 2005 |
| EMC Corporation | Unknown | 02 Feb 2005 | 02 Feb 2005 |
| Engarde | Unknown | 02 Feb 2005 | 02 Feb 2005 |
| F5 Networks, Inc. | Unknown | 02 Feb 2005 | 02 Feb 2005 |
| FreeBSD, Inc. | Unknown | 02 Feb 2005 | 02 Feb 2005 |
| Fujitsu | Unknown | 02 Feb 2005 | 02 Feb 2005 |
| Hewlett-Packard Company | Unknown | 02 Feb 2005 | 02 Feb 2005 |
| IBM-zSeries | Unknown | 02 Feb 2005 | 02 Feb 2005 |
This vulnerability was reported by Stefan Esser.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2004-0883
- Date Public: 17 Nov 2004
- Date First Published: 01 Feb 2005
- Date Last Updated: 19 Apr 2006
- Severity Metric: 1.06
- Document Revision: 95