OSVDB ID: 4469

Title: Samba trans2.c call_trans2open() Function Overflow

Dates

Disclosure: Apr 07, 2003
Discovery: Apr 03, 2003
Exploit: Apr 08, 2003
Solution: Unknown

Description

Samba contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in trans2.c, in which the call_trans2open() function does not properly sanitize user input. If an attacker supplies an overly long string to the pname variable, they may be able to overflow the buffer and execute arbitrary code with the privileges of the server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Upgrade to Samba version 2.2.8a, Samba-TNG 0.3.2, or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Samba Project

Samba

2.2.5
2.2.6
2.2.7
2.2.8
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5a
2.0.5
2.0.4b
2.0.4a
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0

Samba-TNG

0.3.1

References

Credit

  • SECOPS team - labsdigitaldefense.net - Digital Defense Inc.


Direct URL: http://osvdb.org/4469