FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

smbd -- buffer-overrun vulnerability

Affected packages
3.* <= samba < 3.0.8
3.*,1 <= samba < 3.0.8,1

Details

VuXML ID f3d3f621-38d8-11d9-8fff-000c6e8f12ef
Discovery 2004-11-15
Entry 2004-11-17
Modified 2008-09-26

Caused by improper bounds checking of certain trans2 requests, there is a possible buffer overrun in smbd. The attacker needs to be able to create files with very specific Unicode filenames on the share to take advantage of this issue.

References

Bugtraq ID 11678
CVE Name CVE-2004-0882
Message 4198AE84.7020509@samba.org