CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://marc.info/?l=bugtraq&m=107636290906296&w=2
http://marc.info/?l=bugtraq&m=107657505718743&w=2
http://www.debian.org/security/2004/dsa-463	Patch Vendor Advisory
http://www.osvdb.org/3916
http://www.securityfocus.com/bid/9619	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131
http://marc.info/?l=bugtraq&m=107636290906296&w=2
http://marc.info/?l=bugtraq&m=107657505718743&w=2
http://www.debian.org/security/2004/dsa-463	Patch Vendor Advisory
http://www.osvdb.org/3916
http://www.securityfocus.com/bid/9619	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15131

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba:2.0:::::::*
	cpe:2.3:a:samba:samba:3.0.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.0:test1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test10::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test11::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test7::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test8::::::
	cpe:2.3:o:linux:linux_kernel:2.6.0:test9::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:::::::*

History

20 Nov 2024, 23:47

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=bugtraq&m=107636290906296&w=2 -~~	() http://marc.info/?l=bugtraq&m=107636290906296&w=2 -
References	~~() http://marc.info/?l=bugtraq&m=107657505718743&w=2 -~~	() http://marc.info/?l=bugtraq&m=107657505718743&w=2 -
References	~~() http://www.debian.org/security/2004/dsa-463 - Patch, Vendor Advisory~~	() http://www.debian.org/security/2004/dsa-463 - Patch, Vendor Advisory
References	~~() http://www.osvdb.org/3916 -~~	() http://www.osvdb.org/3916 -
References	~~() http://www.securityfocus.com/bid/9619 - Exploit, Patch, Vendor Advisory~~	() http://www.securityfocus.com/bid/9619 - Exploit, Patch, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/15131 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/15131 -

Information

Published : 2004-03-15 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0186

Mitre link : CVE-2004-0186

CVE.ORG link : CVE-2004-0186

JSON object : View

Products Affected

samba

samba

linux

linux_kernel

CWE

NVD-CWE-Other

{"id": "CVE-2004-0186", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-03-15T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107636290906296&w=2", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107657505718743&w=2", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2004/dsa-463", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3916", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9619", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15131", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107636290906296&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=107657505718743&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2004/dsa-463", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/3916", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/9619", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15131", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted."}, {"lang": "es", "value": "smbmnt en Samba 2.0 y 3.0 para Linux 2.6, cuando se instala con setuid, permite a usuarios locales ganar privilegios de root montando un recurso compartido de Samba que contiene un programa con setuid de root, cuyos atributos no se limpian cuando el recurso compartido es eliminado."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "245628A9-A5DC-403F-A781-7A066E9ECC78"}, {"criteria": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F84FB25B-5EA5-48DC-B528-E8CCF714C919"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "142BCD48-8387-4D0C-A052-44DD4144CBFF"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BCA84E2-AC4A-430D-8A30-E660D2A232A0"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2255842B-34CD-4062-886C-37161A065703"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0ED322D-004C-472E-A37F-89B78C55FE5B"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "412F7334-C46B-4F61-B38A-2CA56B498151"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5967AF83-798D-4B1E-882A-5737FFC859C9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A90D2123-D55B-4104-8D82-5B6365AA3B77"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCCDFD49-D402-420E-92F5-20445A0FE139"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A073700-E8A9-4F76-9265-2BE0D5AC9909"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8877D178-1655-46E9-8F5A-2DD576601F38"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D55059C-B867-4E0F-B29C-9CD2C86915A5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.0:test9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8358E965-3689-4B05-8470-C4A1463FA0E9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2A55C17-C530-4898-BC95-DE4D495F0D7C"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C14A949-E2B8-4100-8ED4-645CB996B08A"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "608FDE1E-B02A-45A2-8877-0E52A5BD0963"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.2 /10