Info

Disclosure

Jul 27, 2003

Discovery

Unknown

Dates

Exploit

Jul 27, 2003

Solution

Unknown

Description

A remote buffer overflow exists in Samba. The service fails to check a field length inside of the request before using this length in a memcpy() operation, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed with super-user privileges, resulting in a loss of confidentiality and integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.2.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Samba Project	Samba	2.0
		2.2.0
		2.2.1
		2.2.2
		2.2.3
		2.2.4
		2.2.5
		2.2.6
		2.2.7

References

ISS X-Force ID: 11550 12749
SCIP VulDB ID: 17
CVE ID: 2003-0085 (see also: NVD)
CERT VU: 298233
Metasploit ID: 6323
Bugtraq ID: 7106
Secunia Advisory ID: 8299
Generic Exploit URL: http://immunitysec.com
http://www.securiteam.com/exploits/5TP0M2AAKS.html

Credit

Sebastian Krahmer - krahmersuse.de - SuSE

Direct URL: http://osvdb.org/6323

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Samba Project

Samba

References

Credit