Executive Summary
Summary | |
---|---|
Title | New samba packages fix remote root exploit |
Information | |||
---|---|---|---|
Name | DSA-280 | First vendor Publication | 2003-04-07 |
Vendor | Debian | Last vendor Modification | 2003-04-07 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use. Since the packages for potato are quite old, it is likely that they contain more security-relevant bugs than we know of. You are therefore advised to upgrade your systems running Samba to woody soon. Unofficial backported packages from the Samba maintainers for version 2.2.8 of Samba for woody are available at For the stable distribution (woody) this problem has been fixed in version 2.2.3a-12.3. For the old stable distribution (potato) this problem has been fixed in version 2.0.7-5.1. The unstable distribution (sid) is not affected since it contains version 3.0 packages already. We recommend that you upgrade your Samba packages immediately. |
Original Source
Url : http://www.debian.org/security/2003/dsa-280 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:2163 | |||
Oval ID: | oval:org.mitre.oval:def:2163 | ||
Title: | Samba call_trans2open() Buffer Overflow | ||
Description: | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0201 | Version: | 3 |
Platform(s): | Sun Solaris 9 | Product(s): | Samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:564 | |||
Oval ID: | oval:org.mitre.oval:def:564 | ||
Title: | Multiple Buffer Overflows in Samba | ||
Description: | Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0196 | Version: | 4 |
Platform(s): | Red Hat Linux 9 | Product(s): | Samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:567 | |||
Oval ID: | oval:org.mitre.oval:def:567 | ||
Title: | BO in Samba call_trans2open Function | ||
Description: | Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2003-0201 | Version: | 4 |
Platform(s): | Red Hat Linux 9 | Product(s): | Samba, Samba-TNG |
Definition Synopsis: | |||
|
SAINT Exploits
Description | Link |
---|---|
Samba call_trans2open buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 280-1 (samba) File : nvt/deb_280_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
13397 | Samba Multiple Unspecified Overflows |
4469 | Samba trans2.c call_trans2open() Function Overflow. Samba contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in trans2.c in which the call_trans2open() function does not properly sanitize user input. If an attacker supplied an overly long string to the pname variable, they may be able to overflow the buffer and execute arbitrary code with the privileges of the server. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SMB Trans2 OPEN2 unicode maximum param count overflow attempt RuleID : 2103-community - Revision : 16 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 unicode maximum param count overflow attempt RuleID : 2103 - Revision : 16 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt RuleID : 11964 - Revision : 4 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 andx maximum param count overflow attempt RuleID : 11963 - Revision : 4 - Type : NETBIOS |
2014-01-10 | SMB-DS Trans2 OPEN2 unicode andx maximum param count overflow attempt RuleID : 11962 - Revision : 5 - Type : NETBIOS |
2014-01-10 | SMB-DS Trans2 OPEN2 andx maximum param count overflow attempt RuleID : 11961 - Revision : 5 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 unicode andx maximum param count overflow attempt RuleID : 11960 - Revision : 4 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 andx maximum param count overflow attempt RuleID : 11959 - Revision : 4 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 unicode maximum param count overflow attempt RuleID : 11958 - Revision : 4 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 maximum param count overflow attempt RuleID : 11957 - Revision : 4 - Type : NETBIOS |
2014-01-10 | SMB-DS Trans2 OPEN2 unicode maximum param count overflow attempt RuleID : 11956 - Revision : 5 - Type : NETBIOS |
2014-01-10 | SMB-DS Trans2 OPEN2 maximum param count overflow attempt RuleID : 11955 - Revision : 5 - Type : NETBIOS |
2014-01-10 | SMB Trans2 OPEN2 maximum param count overflow attempt RuleID : 11945 - Revision : 4 - Type : NETBIOS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-280.nasl - Type : ACT_GATHER_INFO |
2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2003-044.nasl - Type : ACT_GATHER_INFO |
2004-07-25 | Name : The remote host is missing a vendor-supplied security patch. File : suse_SA_2003_025.nasl - Type : ACT_GATHER_INFO |
2004-07-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2003-138.nasl - Type : ACT_GATHER_INFO |
2003-04-07 | Name : Arbitrary code may be run on the remote server. File : samba_trans2open_overflow.nasl - Type : ACT_ATTACK |
Alert History
Date | Information |
---|---|
2014-02-17 11:32:19 |
|