CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=107636290906296&w=2
http://marc.info/?l=bugtraq&m=107657505718743&w=2
http://www.debian.org/security/2004/dsa-463	Patch Vendor Advisory
http://www.osvdb.org/3916
http://www.securityfocus.com/bid/9619	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba:2.0:::::::*
	cpe:2.3:a:samba:samba:3.0.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.0:test1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test10::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test11::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test7::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test8::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test9::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::*

History

No history.

Information

Published : 2004-03-15 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2004-0186

Mitre link : CVE-2004-0186

CVE.ORG link : CVE-2004-0186

JSON object : View

Products Affected

linux

linux_kernel

samba

samba

CWE

NVD-CWE-Other

{"id": "CVE-2004-0186", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-03-15T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107636290906296&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107657505718743&w=2", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-463", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3916", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9619", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15131", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted."}, {"lang": "es", "value": "smbmnt en Samba 2.0 y 3.0 para Linux 2.6, cuando se instala con setuid, permite a usuarios locales ganar privilegios de root montando un recurso compartido de Samba que contiene un programa con setuid de root, cuyos atributos no se limpian cuando el recurso compartido es eliminado."}], "lastModified": "2017-10-10T01:30:18.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245628A9-A5DC-403F-A781-7A066E9ECC78"}, {"criteria": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F84FB25B-5EA5-48DC-B528-E8CCF714C919"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BCA84E2-AC4A-430D-8A30-E660D2A232A0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2255842B-34CD-4062-886C-37161A065703"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0ED322D-004C-472E-A37F-89B78C55FE5B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "412F7334-C46B-4F61-B38A-2CA56B498151"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5967AF83-798D-4B1E-882A-5737FFC859C9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A90D2123-D55B-4104-8D82-5B6365AA3B77"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCCDFD49-D402-420E-92F5-20445A0FE139"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A073700-E8A9-4F76-9265-2BE0D5AC9909"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8877D178-1655-46E9-8F5A-2DD576601F38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D55059C-B867-4E0F-B29C-9CD2C86915A5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8358E965-3689-4B05-8470-C4A1463FA0E9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A55C17-C530-4898-BC95-DE4D495F0D7C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C14A949-E2B8-4100-8ED4-645CB996B08A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "608FDE1E-B02A-45A2-8877-0E52A5BD0963"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}