Vulnerabilities > CVE-2003-0196
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
Vulnerable Configurations
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-044.NASL description An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. last seen 2020-06-01 modified 2020-06-02 plugin id 14028 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14028 title Mandrake Linux Security Advisory : samba (MDKSA-2003:044) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:044. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14028); script_version ("1.22"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2003-0196", "CVE-2003-0201"); script_xref(name:"MDKSA", value:"2003:044"); script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2003:044)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Misc. NASL id SAMBA_2_2_8.NASL description The version of Samba running on the remote host is prior to 2.2.8a. It is, therefore, affected by a remote code execution vulnerability in the SMB/CIFS packet fragment re-assembly code in smbd. An unauthenticated, remote attacker can exploit this to inject binary specific exploit code into smbd and gain root access on a Samba serving system. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 122056 published 2019-02-08 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122056 title Samba < 2.2.8a Remote Code Execution Vulnerability code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(122056); script_version("1.6"); script_cvs_date("Date: 2019/10/31 15:18:51"); script_cve_id("CVE-2003-0196", "CVE-2003-0201"); script_bugtraq_id(7294, 7295); script_name(english:"Samba < 2.2.8a Remote Code Execution Vulnerability"); script_summary(english:"Checks the version of Samba."); script_set_attribute(attribute:"synopsis", value: "The remote Samba server is affected by a remote code execution vulnerability."); script_set_attribute(attribute:"description", value: "The version of Samba running on the remote host is prior to 2.2.8a. It is, therefore, affected by a remote code execution vulnerability in the SMB/CIFS packet fragment re-assembly code in smbd. An unauthenticated, remote attacker can exploit this to inject binary specific exploit code into smbd and gain root access on a Samba serving system. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-2.2.8a.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Samba version 2.2.8a or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2003-0201"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/22"); script_set_attribute(attribute:"patch_publication_date", value:"2008/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/08"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("smb_nativelanman.nasl"); script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("vcf.inc"); include("vcf_extras.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); app = vcf::samba::get_app_info(); vcf::check_granularity(app_info:app, sig_segments:3); constraints = [ {"max_version" : "2.2.8", "fixed_version" : "2.2.8a"} ]; vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_HOLE, strict:FALSE);
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-280.NASL description Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use. Since the packages for potato are quite old it is likely that they contain more security-relevant bugs that we don last seen 2020-06-01 modified 2020-06-02 plugin id 15117 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15117 title Debian DSA-280-1 : samba - buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-280. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15117); script_version("1.27"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2003-0196", "CVE-2003-0201"); script_bugtraq_id(7294, 7295); script_xref(name:"CERT", value:"267873"); script_xref(name:"DSA", value:"280"); script_name(english:"Debian DSA-280-1 : samba - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use. Since the packages for potato are quite old it is likely that they contain more security-relevant bugs that we don't know of. You are therefore advised to upgrade your systems running Samba to woody soon. Unofficial backported packages from the Samba maintainers for version 2.2.8 of Samba for woody are available at ~peloy and ~vorlon." ); script_set_attribute( attribute:"see_also", value:"https://people.debian.org/~peloy/samba/" ); script_set_attribute( attribute:"see_also", value:"https://people.debian.org/~vorlon/samba/" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-280" ); script_set_attribute( attribute:"solution", value: "Upgrade the Samba packages immediately. For the stable distribution (woody) this problem has been fixed in version 2.2.3a-12.3. For the old stable distribution (potato) this problem has been fixed in version 2.0.7-5.1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"patch_publication_date", value:"2003/04/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/04/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"samba", reference:"2.0.7-5.1")) flag++; if (deb_check(release:"2.2", prefix:"samba-common", reference:"2.0.7-5.1")) flag++; if (deb_check(release:"2.2", prefix:"samba-doc", reference:"2.0.7-5.1")) flag++; if (deb_check(release:"2.2", prefix:"smbclient", reference:"2.0.7-5.1")) flag++; if (deb_check(release:"2.2", prefix:"smbfs", reference:"2.0.7-5.1")) flag++; if (deb_check(release:"2.2", prefix:"swat", reference:"2.0.7-5.1")) flag++; if (deb_check(release:"3.0", prefix:"libpam-smbpass", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"libsmbclient", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"libsmbclient-dev", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"samba", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"samba-common", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"samba-doc", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"smbclient", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"smbfs", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"swat", reference:"2.2.3a-12.3")) flag++; if (deb_check(release:"3.0", prefix:"winbind", reference:"2.2.3a-12.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-138.NASL description Updated Samba packages that fix a security vulnerability are now available. Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. A security vulnerability has been found in versions of Samba up to and including 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine. Note that this is a different vulnerability than the one fixed by RHSA-2003:096. An exploit for this vulnerability is publicly available. All users of Samba are advised to update to the packages listed in this erratum, which contain a backported patch correcting this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 12387 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12387 title RHEL 2.1 : samba (RHSA-2003:138) NASL family Gain a shell remotely NASL id SAMBA_TRANS2OPEN_OVERFLOW.NASL description The remote Samba server is vulnerable to a buffer overflow when it calls the function trans2open(). An attacker may exploit this flaw to gain a root shell on this host. In addition, it is reported that this version of Samba is vulnerable to additional overflows, although Nessus has not checked for them. last seen 2020-06-01 modified 2020-06-02 plugin id 11523 published 2003-04-07 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11523 title Samba < 2.2.8a / 3.0.0 Multiple Remote Overflows
Oval
accepted | 2010-09-20T04:00:29.864-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
description | Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. | ||||||||||||||||
family | unix | ||||||||||||||||
id | oval:org.mitre.oval:def:564 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2003-08-17T12:00:00.000-04:00 | ||||||||||||||||
title | Multiple Buffer Overflows in Samba | ||||||||||||||||
version | 41 |
Redhat
advisories |
|
References
- http://marc.info/?l=bugtraq&m=104973186901597&w=2
- http://marc.info/?l=bugtraq&m=104973186901597&w=2
- http://marc.info/?l=bugtraq&m=104974612519064&w=2
- http://marc.info/?l=bugtraq&m=104974612519064&w=2
- http://www.debian.org/security/2003/dsa-280
- http://www.debian.org/security/2003/dsa-280
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
- http://www.redhat.com/support/errata/RHSA-2003-137.html
- http://www.redhat.com/support/errata/RHSA-2003-137.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564