FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0600

This CVE name corresponds to:

Entered: 2004-07-21
Topic: Multiple Potential Buffer Overruns in Samba

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2004-0600
Phase: Assigned (20040623)

Description

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

References

Source Reference
BUGTRAQ 20040722 Samba 3.x swat preauthentication buffer overflow
BUGTRAQ 20040722 SWAT PreAuthorization PoC
BUGTRAQ 20040722 Security Release - Samba 3.0.5 and 2.2.10
CONECTIVA CLA-2004:851
CONECTIVA CLA-2004:854
GENTOO GLSA-200407-21
MANDRAKE MDKSA-2004:071
REDHAT RHSA-2004:259
SUSE SUSE-SA:2004:022
TRUSTIX 2004-0039
BUGTRAQ 20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)
BUGTRAQ 20040722 TSSA-2004-014 - samba
OVAL oval:org.mitre.oval:def:11445
XF samba-swat-base64-bo(16785)