FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- potential remote DoS vulnerability

Affected packages
3.* < samba < 3.0.8
3.*,1 < samba < 3.0.8,1

Details

VuXML ID ba13dc13-340d-11d9-ac1b-000d614f7fad
Discovery 2004-09-30
Entry 2004-11-12
Modified 2008-09-26

Karol Wiesek at iDEFENSE reports:

A remote attacker could cause an smbd process to consume abnormal amounts of system resources due to an input validation error when matching filenames containing wildcard characters.

Although samba.org classifies this as a DoS vulnerability, several members of the security community believe it may be exploitable for arbitrary code execution.

References

CVE Name CVE-2004-0930
FreeBSD PR ports/73701
URL http://us4.samba.org/samba/security/CAN-2004-0930.html