{"vuid":"VU#726198","idnumber":"726198","name":"SMB filesystem read system call vulnerable to buffer overflow","keywords":["Linux kernel","smb file system","buffer overflow","smb_proc_read()","read","data count overflow"],"overview":"The SMB filesystem read() system call contains buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition.","clean_desc":"\"Server Message Block (SMB) is an application-level protocol that supports file, printer, and other resource sharing. The SMB filesystem is a network filesystem built on the SMB protocol. A lack of bounds checking in the read() system call may allow a buffer overflow to occur. When a request is made to a SMB server, the read() system call on the SMB client's system expects to receive a pre-specified amount of data. If more data is supplied to the read() call than expected, the buffer overflow will occur. Note that it may be possible for a remote attacker to set up a malicious smb server to exploit this vulnerability. More detailed information is available in e-matters security advisory 14/2004.","impact":"A remote attacker may be able to cause a denial-of-service condition. In addition, an attacker may be able to execute arbitrary code on the vulnerable system. However, this possibility is unconfirmed.","resolution":"Upgrade Your Linux Kernel This vulnerability was corrected in verson 2.4.28 of the Kernel. Users are encouraged to upgrade to this version. Contact Your Vendor Users who suspect they are vulnerable are encouraged to check with their Linux vendor to determine the appropriate action to take.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Stefan Esser.","author":"This document was written by Jeff Gennari.","public":["http://secunia.com/advisories/13232/","http://security.e-matters.de/advisories/142004.html"],"cveids":["CVE-2004-0883"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-11-18T14:55:19Z","publicdate":"2004-11-17T00:00:00Z","datefirstpublished":"2005-02-02T00:37:10Z","dateupdated":"2006-04-19T11:16:36Z","revision":99,"vrda_d1_directreport":"0","vrda_d1_population":"1","vrda_d1_impact":"2","cam_widelyknown":"14","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"15","cam_impact":"5","cam_easeofexploitation":"6","cam_attackeraccessrequired":"7","cam_scorecurrent":"1.063125","cam_scorecurrentwidelyknown":"1.4175","cam_scorecurrentwidelyknownexploited":"2.59875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.063125,"vulnote":null}