CVE-2003-0201 - Remote Buffer Overflow vulnerability in Samba 'call_trans2open'
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
Vulnerable Configurations
Exploit-Db
| description | id | last seen | modified | published | reporter | source | title |
|---|---|---|---|---|---|---|---|
| Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (2). CVE-2003-0201. Remote exploit for unix platform | EDB-ID:22469 | 2016-02-02 | 2003-04-07 | 2003-04-07 | c0wboy | https://www.exploit-db.com/download/22469/ | Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 2 |
| Samba trans2open Overflow (Solaris SPARC). CVE-2003-0201. Remote exploit for solaris_sparc platform | EDB-ID:16330 | 2016-02-01 | 2010-06-21 | 2010-06-21 | metasploit | https://www.exploit-db.com/download/16330/ | Samba trans2open Overflow Solaris SPARC |
| Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (4). CVE-2003-0201. Remote exploit for unix platform | EDB-ID:22471 | 2016-02-02 | 2003-04-07 | 2003-04-07 | noir | https://www.exploit-db.com/download/22471/ | Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 4 |
| Samba 2.2.x Remote Root Buffer Overflow Exploit. CVE-2003-0201. Remote exploit for linux platform | EDB-ID:7 | 2016-01-31 | 2003-04-07 | 2003-04-07 | H D Moore | https://www.exploit-db.com/download/7/ | Samba 2.2.x - Remote Root Buffer Overflow Exploit |
| Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (1). CVE-2003-0201. Remote exploit for unix platform | EDB-ID:22468 | 2016-02-02 | 2003-04-11 | 2003-04-11 | Xpl017Elz | https://www.exploit-db.com/download/22468/ | Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 1 |
| Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (3). CVE-2003-0201. Remote exploit for unix platform | EDB-ID:22470 | 2016-02-02 | 2003-05-12 | 2003-05-12 | eDSee | https://www.exploit-db.com/download/22470/ | Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 3 |
| Samba 2.2.0 - 2.2.8 trans2open Overflow (OS X). CVE-2003-0201. Remote exploit for osx platform | EDB-ID:9924 | 2016-02-01 | 2003-04-07 | 2003-04-07 | H D Moore | https://www.exploit-db.com/download/9924/ | Samba 2.2.0 - 2.2.8 - trans2open Overflow OS X |
| Samba trans2open Overflow (Linux x86). CVE-2003-0201. Remote exploit for linux platform | EDB-ID:16861 | 2016-02-02 | 2010-07-14 | 2010-07-14 | metasploit | https://www.exploit-db.com/download/16861/ | Samba trans2open Overflow Linux x86 |
| Samba 2.2.8 (Bruteforce Method) Remote Root Exploit. CVE-2003-0201. Remote exploit for linux platform | EDB-ID:55 | 2016-01-31 | 2003-07-13 | 2003-07-13 | Schizoprenic | https://www.exploit-db.com/download/55/ | Samba 2.2.8 - Bruteforce Method Remote Root Exploit |
| Samba 2.2.8 Remote Root Exploit - sambal.c. CVE-2003-0201. Remote exploit for linux platform | EDB-ID:10 | 2016-01-31 | 2003-04-10 | 2003-04-10 | eSDee | https://www.exploit-db.com/download/10/ | Samba <= 2.2.8 - Remote Root Exploit |
| Samba trans2open Overflow (Mac OS X PPC). CVE-2003-0201. Remote exploit for osx_ppc platform | EDB-ID:16876 | 2016-02-02 | 2010-06-21 | 2010-06-21 | metasploit | https://www.exploit-db.com/download/16876/ | Samba trans2open Overflow Mac OS X PPC |
| Samba trans2open Overflow (*BSD x86). CVE-2003-0201. Remote exploit for linux platform | EDB-ID:16880 | 2016-02-02 | 2010-06-17 | 2010-06-17 | metasploit | https://www.exploit-db.com/download/16880/ | Samba trans2open - Overflow *BSD x86 |
Metasploit
| description | id | last seen | modified | published | reporter | source | title |
|---|---|---|---|---|---|---|---|
| This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. NOTE: Some older versions of RedHat do not seem to be vulnerable since they apparently do not allow anonymous access to IPC. | MSF:EXPLOIT/LINUX/SAMBA/TRANS2OPEN | 2020-05-23 | 2018-09-15 | 2010-06-12 | Rapid7 | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/samba/trans2open.rb | Samba trans2open Overflow (Linux x86) |
| This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems. | MSF:EXPLOIT/OSX/SAMBA/TRANS2OPEN | 2020-05-23 | 2018-09-15 | 2006-02-04 | Rapid7 | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/osx/samba/trans2open.rb | Samba trans2open Overflow (Mac OS X PPC) |
| This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on Solaris SPARC systems that do not have the noexec stack option set. Big thanks to MC and valsmith for resolving a problem with the beta version of this module. | MSF:EXPLOIT/SOLARIS/SAMBA/TRANS2OPEN | 2020-01-14 | 2018-09-15 | 2005-12-31 | Rapid7 | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/solaris/samba/trans2open.rb | Samba trans2open Overflow (Solaris SPARC) |
| This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. | MSF:EXPLOIT/FREEBSD/SAMBA/TRANS2OPEN | 2020-05-22 | 2018-09-15 | 2010-06-15 | Rapid7 | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/freebsd/samba/trans2open.rb | Samba trans2open Overflow (*BSD x86) |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2003-044.NASL |
description | An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 14028 |
published | 2004-07-31 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/14028 |
title | Mandrake Linux Security Advisory : samba (MDKSA-2003:044) |
code

```
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2003:044.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(14028);
  script_version ("1.22");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2003-0196", "CVE-2003-0201");
  script_xref(name:"MDKSA", value:"2003:044");

  script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2003:044)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An exploitable buffer overflow was discovered in the Samba server
that can lead to an anonymous remote root compromise. The Samba Team
also discovered some potential overflows during an internal code audit
which was done in response to the previously noted buffer overflow
problem.

All versions of Samba prior to 2.2.8a are vulnerable. The provided
updates contain a patch from the Samba Team to correct the issue.

An exploit is known to exist and all Mandrake Linux users are
encouraged to upgrade immediately."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Misc. |
NASL id | SAMBA_2_2_8.NASL |
description | The version of Samba running on the remote host is prior to 2.2.8a. It is, therefore, affected by a remote code execution vulnerability in the SMB/CIFS packet fragment re-assembly code in smbd. An unauthenticated, remote attacker can exploit this to inject binary specific exploit code into smbd and gain root access on a Samba serving system. Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 122056 |
published | 2019-02-08 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/122056 |
title | Samba < 2.2.8a Remote Code Execution Vulnerability |
code

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(122056);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/31 15:18:51");

  script_cve_id("CVE-2003-0196", "CVE-2003-0201");
  script_bugtraq_id(7294, 7295);

  script_name(english:"Samba < 2.2.8a Remote Code Execution Vulnerability");
  script_summary(english:"Checks the version of Samba.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Samba server is affected by a remote code execution
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Samba running on the remote host is prior to
2.2.8a. It is, therefore, affected by a remote code execution
vulnerability in the SMB/CIFS packet fragment re-assembly code in
smbd. An unauthenticated, remote attacker can exploit this to inject
binary specific exploit code into smbd and gain root access on a
Samba serving system.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-2.2.8a.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Samba version 2.2.8a or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2003-0201");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/08/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/08");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_nativelanman.nasl");
  script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("vcf.inc");
include("vcf_extras.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

app = vcf::samba::get_app_info();
vcf::check_granularity(app_info:app, sig_segments:3);

constraints = [
  {"max_version" : "2.2.8", "fixed_version" : "2.2.8a"}
];

vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_HOLE, strict:FALSE);
```

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-280.NASL |
description | Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use. Since the packages for potato are quite old it is likely that they contain more security-relevant bugs that we don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 15117 |
published | 2004-09-29 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/15117 |
title | Debian DSA-280-1 : samba - buffer overflow |
code

```
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-280. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(15117);
  script_version("1.27");
  script_cvs_date("Date: 2019/08/02 13:32:17");

  script_cve_id("CVE-2003-0196", "CVE-2003-0201");
  script_bugtraq_id(7294, 7295);
  script_xref(name:"CERT", value:"267873");
  script_xref(name:"DSA", value:"280");

  script_name(english:"Debian DSA-280-1 : samba - buffer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in Samba, a LanManager-like file and printer server for
Unix. This vulnerability can lead to an anonymous user gaining root
access on a Samba serving system. An exploit for this problem is
already circulating and in use.

Since the packages for potato are quite old it is likely that they
contain more security-relevant bugs that we don't know of. You are
therefore advised to upgrade your systems running Samba to woody soon.

Unofficial backported packages from the Samba maintainers for version
2.2.8 of Samba for woody are available at ~peloy and ~vorlon."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://people.debian.org/~peloy/samba/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://people.debian.org/~vorlon/samba/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2003/dsa-280"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the Samba packages immediately.

For the stable distribution (woody) this problem has been fixed in
version 2.2.3a-12.3.

For the old stable distribution (potato) this problem has been fixed
in version 2.0.7-5.1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/04/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2003/04/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"2.2", prefix:"samba", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"samba-common", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"samba-doc", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"smbclient", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"smbfs", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"2.2", prefix:"swat", reference:"2.0.7-5.1")) flag++;
if (deb_check(release:"3.0", prefix:"libpam-smbpass", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"libsmbclient", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"libsmbclient-dev", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"samba", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"samba-common", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"samba-doc", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"smbclient", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"smbfs", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"swat", reference:"2.2.3a-12.3")) flag++;
if (deb_check(release:"3.0", prefix:"winbind", reference:"2.2.3a-12.3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2003-138.NASL |
description | Updated Samba packages that fix a security vulnerability are now available. Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. A security vulnerability has been found in versions of Samba up to and including 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine. Note that this is a different vulnerability than the one fixed by RHSA-2003:096. An exploit for this vulnerability is publicly available. All users of Samba are advised to update to the packages listed in this erratum, which contain a backported patch correcting this vulnerability. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 12387 |
published | 2004-07-06 |
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/12387 |
title | RHEL 2.1 : samba (RHSA-2003:138) |

NASL family | Gain a shell remotely |
NASL id | SAMBA_TRANS2OPEN_OVERFLOW.NASL |
description | The remote Samba server is vulnerable to a buffer overflow when it calls the function trans2open(). An attacker may exploit this flaw to gain a root shell on this host. In addition, it is reported that this version of Samba is vulnerable to additional overflows, although Nessus has not checked for them. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11523 |
published | 2003-04-07 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11523 |
title | Samba < 2.2.8a / 3.0.0 Multiple Remote Overflows |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SA_2003_025.NASL |
description | The remote host is missing a security patch for samba. It is, therefore, affected by a buffer overflow condition in the call_trans2open() function within file trans2.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via an overly long string passed to the pname variable, to execute arbitrary code with the privileges of the server. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13795 |
published | 2004-07-25 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13795 |
title | SUSE-SA:2003:025: samba |
Oval
accepted | 2010-09-20T04:00:19.563-04:00 |
class | vulnerability |
contributors | Brian Soby (The MITRE Corporation); Jonathan Baker (The MITRE Corporation) |
description | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
family | unix |
id | oval:org.mitre.oval:def:2163 |
status | accepted |
submitted | 2004-12-30T12:00:00.000-04:00 |
title | Samba call_trans2open() Buffer Overflow |
version | 37 |

accepted | 2010-09-20T04:00:30.236-04:00 |
class | vulnerability |
contributors | Jay Beale (Bastille Linux); Thomas R. Jones (Maitreya Security); Jonathan Baker (The MITRE Corporation) |
description | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. |
family | unix |
id | oval:org.mitre.oval:def:567 |
status | accepted |
submitted | 2003-08-17T12:00:00.000-04:00 |
title | BO in Samba call_trans2open Function |
version | 41 |
Packetstorm
| data source | id | last seen | published | reporter | source | title |
|---|---|---|---|---|---|---|
| https://packetstormsecurity.com/files/download/82311/trans2open.rc.txt | PACKETSTORM:82311 | 2016-12-05 | 2009-10-28 | H D Moore | https://packetstormsecurity.com/files/82311/Samba-trans2open-Overflow.html | Samba trans2open Overflow |
| https://packetstormsecurity.com/files/download/84542/solaris-samba-trans2open.rb.txt | PACKETSTORM:84542 | 2016-12-05 | 2009-12-31 | H D Moore | https://packetstormsecurity.com/files/84542/Samba-trans2open-Overflow-Solaris-SPARC.html | Samba trans2open Overflow (Solaris SPARC) |
| https://packetstormsecurity.com/files/download/84541/osx-samba-trans2open.rb.txt | PACKETSTORM:84541 | 2016-12-05 | 2009-12-31 | H D Moore | https://packetstormsecurity.com/files/84541/Samba-trans2open-Overflow-Mac-OS-X.html | Samba trans2open Overflow (Mac OS X) |
Redhat
advisories |
|
Saint
bid | 7294 |
description | Samba call_trans2open buffer overflow |
id | win_samba |
osvdb | 4469 |
title | samba_call_trans2open |
type | remote |
References
- ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624
- http://marc.info/?l=bugtraq&m=104972664226781&w=2
- http://marc.info/?l=bugtraq&m=104974612519064&w=2
- http://marc.info/?l=bugtraq&m=104981682014565&w=2
- http://marc.info/?l=bugtraq&m=104994564212488&w=2
- http://www.debian.org/security/2003/dsa-280
- http://www.digitaldefense.net/labs/advisories/DDI-1013.txt
- http://www.kb.cert.org/vuls/id/267873
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
- http://www.novell.com/linux/security/advisories/2003_025_samba.html
- http://www.redhat.com/support/errata/RHSA-2003-137.html
- http://www.securityfocus.com/bid/7294
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567