CVE-2004-0883: Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) o...

Description

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

Metrics

EPSS Probability

4.08%

89.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	2.4.0	—
Linux	Linux Kernel	2.4.1	—
Linux	Linux Kernel	2.4.2	—
Linux	Linux Kernel	2.4.3	—
Linux	Linux Kernel	2.4.4	—
Linux	Linux Kernel	2.4.5	—
Linux	Linux Kernel	2.4.6	—
Linux	Linux Kernel	2.4.7	—
Linux	Linux Kernel	2.4.8	—
Linux	Linux Kernel	2.4.9	—
Linux	Linux Kernel	2.4.10	—
Linux	Linux Kernel	2.4.11	—
Linux	Linux Kernel	2.4.12	—
Linux	Linux Kernel	2.4.13	—
Linux	Linux Kernel	2.4.14	—
Linux	Linux Kernel	2.4.15	—
Linux	Linux Kernel	2.4.16	—
Linux	Linux Kernel	2.4.17	—
Linux	Linux Kernel	2.4.18	—
Linux	Linux Kernel	2.4.19	—
Linux	Linux Kernel	2.4.20	—
Linux	Linux Kernel	2.4.21	—
Linux	Linux Kernel	2.4.22	—
Linux	Linux Kernel	2.4.23	—
Linux	Linux Kernel	2.4.23_ow2	—
Linux	Linux Kernel	2.4.24	—
Linux	Linux Kernel	2.4.24_ow1	—
Linux	Linux Kernel	2.4.25	—
Linux	Linux Kernel	2.4.26	—
Linux	Linux Kernel	2.4.27	—
Linux	Linux Kernel	2.6.0	—
Linux	Linux Kernel	2.6.1	—
Linux	Linux Kernel	2.6.2	—
Linux	Linux Kernel	2.6.3	—
Linux	Linux Kernel	2.6.4	—
Linux	Linux Kernel	2.6.5	—
Linux	Linux Kernel	2.6.6	—
Linux	Linux Kernel	2.6.7	—
Linux	Linux Kernel	2.6.8	—
Linux	Linux Kernel	2.6.9	2.6.20
Linux	Linux Kernel	2.6_test9_cvs	—
Redhat	Enterprise Linux	2.1	—
Redhat	Enterprise Linux	3.0	—
Redhat	Enterprise Linux Desktop	3.0	—
Redhat	Fedora Core	core_2.0	—
Redhat	Fedora Core	core_3.0	—
Redhat	Linux Advanced Workstation	2.1	—
Suse	Suse Linux	1.0	—
Suse	Suse Linux	8	—
Suse	Suse Linux	8.1	—

Showing 50 of 59 affected configurations. See NVD for the full list.

References

Timeline

Published: Jan 10, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-0883?

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

How severe is CVE-2004-0883?

Severity scoring for CVE-2004-0883 is pending analysis. The EPSS model estimates a 4.08% probability of exploitation in the next 30 days.

How do I fix CVE-2004-0883?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.