CVE-2003-0201 - Remote Buffer Overflow vulnerability in Samba 'call_trans2open'

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Tags: network, low complexity, samba, samba-tng, apple, compaq, hp, sun, critical, nessus, exploit available, metasploit

Summary

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

Vulnerable Configurations

Part         Description  Count
Application  Samba        21
Application  Samba-Tng    2
Application  Hp           8
OS           Apple        5
OS           Compaq       25
OS           Hp           8
OS           Sun          12

Exploit-Db

  • description: Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (2). CVE-2003-0201. Remote exploit for unix platform
    id: EDB-ID:22469
    last seen: 2016-02-02
    modified: 2003-04-07
    published: 2003-04-07
    reporter: c0wboy
    source: https://www.exploit-db.com/download/22469/
    title: Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 2
  • description: Samba trans2open Overflow (Solaris SPARC). CVE-2003-0201. Remote exploit for solaris_sparc platform
    id: EDB-ID:16330
    last seen: 2016-02-01
    modified: 2010-06-21
    published: 2010-06-21
    reporter: metasploit
    source: https://www.exploit-db.com/download/16330/
    title: Samba trans2open Overflow Solaris SPARC
  • description: Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (4). CVE-2003-0201. Remote exploit for unix platform
    id: EDB-ID:22471
    last seen: 2016-02-02
    modified: 2003-04-07
    published: 2003-04-07
    reporter: noir
    source: https://www.exploit-db.com/download/22471/
    title: Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 4
  • description: Samba 2.2.x Remote Root Buffer Overflow Exploit. CVE-2003-0201. Remote exploit for linux platform
    id: EDB-ID:7
    last seen: 2016-01-31
    modified: 2003-04-07
    published: 2003-04-07
    reporter: H D Moore
    source: https://www.exploit-db.com/download/7/
    title: Samba 2.2.x - Remote Root Buffer Overflow Exploit
  • description: Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (1). CVE-2003-0201. Remote exploit for unix platform
    id: EDB-ID:22468
    last seen: 2016-02-02
    modified: 2003-04-11
    published: 2003-04-11
    reporter: Xpl017Elz
    source: https://www.exploit-db.com/download/22468/
    title: Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 1
  • description: Samba 2.2.x 'call_trans2open' Remote Buffer Overflow Vulnerability (3). CVE-2003-0201. Remote exploit for unix platform
    id: EDB-ID:22470
    last seen: 2016-02-02
    modified: 2003-05-12
    published: 2003-05-12
    reporter: eDSee
    source: https://www.exploit-db.com/download/22470/
    title: Samba 2.2.x - 'call_trans2open' Remote Buffer Overflow Vulnerability 3
  • description: Samba 2.2.0 - 2.2.8 trans2open Overflow (OS X). CVE-2003-0201. Remote exploit for osx platform
    id: EDB-ID:9924
    last seen: 2016-02-01
    modified: 2003-04-07
    published: 2003-04-07
    reporter: H D Moore
    source: https://www.exploit-db.com/download/9924/
    title: Samba 2.2.0 - 2.2.8 - trans2open Overflow OS X
  • description: Samba trans2open Overflow (Linux x86). CVE-2003-0201. Remote exploit for linux platform
    id: EDB-ID:16861
    last seen: 2016-02-02
    modified: 2010-07-14
    published: 2010-07-14
    reporter: metasploit
    source: https://www.exploit-db.com/download/16861/
    title: Samba trans2open Overflow Linux x86
  • description: Samba 2.2.8 (Bruteforce Method) Remote Root Exploit. CVE-2003-0201. Remote exploit for linux platform
    id: EDB-ID:55
    last seen: 2016-01-31
    modified: 2003-07-13
    published: 2003-07-13
    reporter: Schizoprenic
    source: https://www.exploit-db.com/download/55/
    title: Samba 2.2.8 - Bruteforce Method Remote Root Exploit
  • description: Samba 2.2.8 Remote Root Exploit - sambal.c. CVE-2003-0201. Remote exploit for linux platform
    id: EDB-ID:10
    last seen: 2016-01-31
    modified: 2003-04-10
    published: 2003-04-10
    reporter: eSDee
    source: https://www.exploit-db.com/download/10/
    title: Samba <= 2.2.8 - Remote Root Exploit
  • description: Samba trans2open Overflow (Mac OS X PPC). CVE-2003-0201. Remote exploit for osx_ppc platform
    id: EDB-ID:16876
    last seen: 2016-02-02
    modified: 2010-06-21
    published: 2010-06-21
    reporter: metasploit
    source: https://www.exploit-db.com/download/16876/
    title: Samba trans2open Overflow Mac OS X PPC
  • description: Samba trans2open Overflow (*BSD x86). CVE-2003-0201. Remote exploit for linux platform
    id: EDB-ID:16880
    last seen: 2016-02-02
    modified: 2010-06-17
    published: 2010-06-17
    reporter: metasploit
    source: https://www.exploit-db.com/download/16880/
    title: Samba trans2open - Overflow *BSD x86

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2003-044.NASL
    description: An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem. All versions of Samba prior to 2.2.8a are vulnerable. The provided updates contain a patch from the Samba Team to correct the issue. An exploit is known to exist and all Mandrake Linux users are encouraged to upgrade immediately.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14028
    published: 2004-07-31
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14028
    title: Mandrake Linux Security Advisory : samba (MDKSA-2003:044)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2003:044. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(14028);
      script_version ("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:46");
    
      script_cve_id("CVE-2003-0196", "CVE-2003-0201");
      script_xref(name:"MDKSA", value:"2003:044");
    
      script_name(english:"Mandrake Linux Security Advisory : samba (MDKSA-2003:044)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An exploitable buffer overflow was discovered in the Samba server that
    can lead to an anonymous remote root compromise. The Samba Team also
    discovered some potential overflows during an internal code audit
    which was done in response to the previously noted buffer overflow
    problem.
    
    All versions of Samba prior to 2.2.8a are vulnerable. The provided
    updates contain a patch from the Samba Team to correct the issue.
    
    An exploit is known to exist and all Mandrake Linux users are
    encouraged to upgrade immediately."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nss_wins");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-client");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-swat");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:samba-winbind");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"nss_wins-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-client-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-common-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-doc-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-server-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-swat-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"samba-winbind-2.2.7a-9.2mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Misc.
    NASL id: SAMBA_2_2_8.NASL
    description: The version of Samba running on the remote host is prior to 2.2.8a. It is, therefore, affected by a remote code execution vulnerability in the SMB/CIFS packet fragment re-assembly code in smbd. An unauthenticated, remote attacker can exploit this to inject binary specific exploit code into smbd and gain root access on a Samba serving system. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122056
    published: 2019-02-08
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122056
    title: Samba < 2.2.8a Remote Code Execution Vulnerability
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122056);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/31 15:18:51");
    
      script_cve_id("CVE-2003-0196", "CVE-2003-0201");
      script_bugtraq_id(7294, 7295);
    
      script_name(english:"Samba < 2.2.8a Remote Code Execution Vulnerability");
      script_summary(english:"Checks the version of Samba.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Samba server is affected by a remote code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Samba running on the remote host is prior to
    2.2.8a. It is, therefore, affected by a remote code execution 
    vulnerability in the SMB/CIFS packet fragment re-assembly code
    in smbd.  An unauthenticated, remote attacker can exploit this to
    inject binary specific exploit code into smbd and gain root access
    on a Samba serving system.
    
    Note that Nessus has not tested for this issue but has instead relied
    only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://www.samba.org/samba/history/samba-2.2.8a.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Samba version 2.2.8a or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2003-0201");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/08/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2008/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/08");
    
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:samba:samba");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("smb_nativelanman.nasl");
      script_require_keys("SMB/NativeLanManager", "SMB/samba", "Settings/ParanoidReport");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("vcf.inc");
    include("vcf_extras.inc");
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    app = vcf::samba::get_app_info();
    vcf::check_granularity(app_info:app, sig_segments:3);
    
    constraints = 
    [
      {"max_version" : "2.2.8",  "fixed_version" : "2.2.8a"}
    ];
    
    vcf::check_version_and_report(app_info:app, constraints:constraints, severity:SECURITY_HOLE, strict:FALSE);
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-280.NASL
    description: Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use. Since the packages for potato are quite old it is likely that they contain more security-relevant bugs that we don't know of. You are therefore advised to upgrade your systems running Samba to woody soon. Unofficial backported packages from the Samba maintainers for version 2.2.8 of Samba for woody are available at ~peloy and ~vorlon.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15117
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15117
    title: Debian DSA-280-1 : samba - buffer overflow
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-280. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15117);
      script_version("1.27");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2003-0196", "CVE-2003-0201");
      script_bugtraq_id(7294, 7295);
      script_xref(name:"CERT", value:"267873");
      script_xref(name:"DSA", value:"280");
    
      script_name(english:"Debian DSA-280-1 : samba - buffer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Digital Defense, Inc. has alerted the Samba Team to a serious
    vulnerability in Samba, a LanManager-like file and printer server for
    Unix. This vulnerability can lead to an anonymous user gaining root
    access on a Samba serving system. An exploit for this problem is
    already circulating and in use.
    
    Since the packages for potato are quite old it is likely that they
    contain more security-relevant bugs that we don't know of. You are
    therefore advised to upgrade your systems running Samba to woody soon.
    
    Unofficial backported packages from the Samba maintainers for version
    2.2.8 of Samba for woody are available at ~peloy and ~vorlon."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://people.debian.org/~peloy/samba/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://people.debian.org/~vorlon/samba/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-280"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the Samba packages immediately.
    
    For the stable distribution (woody) this problem has been fixed in
    version 2.2.3a-12.3.
    
    For the old stable distribution (potato) this problem has been fixed
    in version 2.0.7-5.1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Samba trans2open Overflow (Solaris SPARC)');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:samba");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/04/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"2.2", prefix:"samba", reference:"2.0.7-5.1")) flag++;
    if (deb_check(release:"2.2", prefix:"samba-common", reference:"2.0.7-5.1")) flag++;
    if (deb_check(release:"2.2", prefix:"samba-doc", reference:"2.0.7-5.1")) flag++;
    if (deb_check(release:"2.2", prefix:"smbclient", reference:"2.0.7-5.1")) flag++;
    if (deb_check(release:"2.2", prefix:"smbfs", reference:"2.0.7-5.1")) flag++;
    if (deb_check(release:"2.2", prefix:"swat", reference:"2.0.7-5.1")) flag++;
    if (deb_check(release:"3.0", prefix:"libpam-smbpass", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"libsmbclient", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"libsmbclient-dev", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"samba", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"samba-common", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"samba-doc", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"smbclient", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"smbfs", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"swat", reference:"2.2.3a-12.3")) flag++;
    if (deb_check(release:"3.0", prefix:"winbind", reference:"2.2.3a-12.3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2003-138.NASL
    description: Updated Samba packages that fix a security vulnerability are now available. Samba is a suite of utilities which provides file and printer sharing services to SMB/CIFS clients. A security vulnerability has been found in versions of Samba up to and including 2.2.8. An anonymous user could exploit the vulnerability to gain root access on the target machine. Note that this is a different vulnerability than the one fixed by RHSA-2003:096. An exploit for this vulnerability is publicly available. All users of Samba are advised to update to the packages listed in this erratum, which contain a backported patch correcting this vulnerability.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 12387
    published: 2004-07-06
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/12387
    title: RHEL 2.1 : samba (RHSA-2003:138)
  • NASL family: Gain a shell remotely
    NASL id: SAMBA_TRANS2OPEN_OVERFLOW.NASL
    description: The remote Samba server is vulnerable to a buffer overflow when it calls the function trans2open(). An attacker may exploit this flaw to gain a root shell on this host. In addition, it is reported that this version of Samba is vulnerable to additional overflows, although Nessus has not checked for them.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 11523
    published: 2003-04-07
    reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/11523
    title: Samba < 2.2.8a / 3.0.0 Multiple Remote Overflows
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SA_2003_025.NASL
    description: The remote host is missing a security patch for samba. It is, therefore, affected by a buffer overflow condition in the call_trans2open() function within file trans2.c due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via an overly long string passed to the pname variable, to execute arbitrary code with the privileges of the server.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 13795
    published: 2004-07-25
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/13795
    title: SUSE-SA:2003:025: samba

Oval

  • accepted: 2010-09-20T04:00:19.563-04:00
    class: vulnerability
    contributors:
    • name: Brian Soby
      organization: The MITRE Corporation
    • name: Jonathan Baker
      organization: The MITRE Corporation
    description: Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
    family: unix
    id: oval:org.mitre.oval:def:2163
    status: accepted
    submitted: 2004-12-30T12:00:00.000-04:00
    title: Samba call_trans2open() Buffer Overflow
    version: 37
  • accepted: 2010-09-20T04:00:30.236-04:00
    class: vulnerability
    contributors:
    • name: Jay Beale
      organization: Bastille Linux
    • name: Jay Beale
      organization: Bastille Linux
    • name: Thomas R. Jones
      organization: Maitreya Security
    • name: Jonathan Baker
      organization: The MITRE Corporation
    description: Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
    family: unix
    id: oval:org.mitre.oval:def:567
    status: accepted
    submitted: 2003-08-17T12:00:00.000-04:00
    title: BO in Samba call_trans2open Function
    version: 41

Redhat

advisories:
  rhsa:
    id: RHSA-2003:137

Saint

bid: 7294
description: Samba call_trans2open buffer overflow
id: win_samba
osvdb: 4469
title: samba_call_trans2open
type: remote