Signature Detail

SMB: Wildcard Filename DoS

This signature detects attempts to exploit a known vulnerability against the Samba package. Attackers can issue commands that could exhaust CPU resources, due to a recursive wildcard search pattern, and cause a denial of service condition.

Extended Description

A remote denial-of-service vulnerability affects the wildcard filename functionality of Samba. This issue occurs because the application fails to properly validate malformed user-supplied strings. An attacker may leverage this issue to cause the affected application to hang, effectively denying service to legitimate users.

Affected Products

• Conectiva Linux 10.0.0
• Gentoo Linux
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• Red Hat Desktop 3.0.0
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 2.1 IA64
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 2.1 IA64
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux WS 2.1
• Red Hat Enterprise Linux WS 2.1 IA64
• Red Hat Enterprise Linux WS 3
• Red Hat Fedora Core2
• Red Hat Fedora Core3
• Samba 3.0.0
• Samba 3.0.1
• Samba 3.0.2
• Samba 3.0.3
• Samba 3.0.4
• Samba 3.0.5
• Samba 3.0.6
• Samba 3.0.7
• SCO Unixware 7.1.4
• SGI samba_irix 3.0.0
• SGI samba_irix 3.0.1
• SGI samba_irix 3.0.2
• SGI samba_irix 3.0.3
• SGI samba_irix 3.0.4
• SGI samba_irix 3.0.5
• SGI samba_irix 3.0.6
• SGI samba_irix 3.0.7
• Sun Solaris 10 Sparc
• Sun Solaris 10 X86
• Sun Solaris 9 Sparc
• Sun Solaris 9 X86
• Sun Solaris 9 X86 Update 2

References

• BugTraq: 11624
• CVE: CVE-2004-0930
• URL: http://www.mandriva.com/security/advisories?name=MDKSA-2004:131
• URL: http://www.idefense.com/application/poi/display?id=156&type=vulnerabilities&flashstatus=false