- Overview
- Features
- Architecture & Open API
- Try NeXpose
- Buy NeXpose
- System Requirements
- Vulnerabilities Tested
- NeXpose Information
Search Hints:
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
Try searching for a product or vendor.
Only vulnerabilities that match all search terms will be returned.
Enclose search terms in double quotes for an exact search.
For CVE searches, only enter the CVE-YYYY-XXXX code.
NeXpose Vulnerability Database
< Previous Next >Samba Packet Assembling Buffer Overflow Vulnerability
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Critical (10) | 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Mar 31, 2003 | Nov 1, 2004 | Sep 21, 2007 |
Description:
Certain versions of Samba re-assemble incoming packets incorrectly in such a way that allows a remote attacker to overwrite arbitrary locations of memory. Successful exploitation of this vulnerability yields root privilege.
References:
- BID: http://www.securityfocus.com/bid/7106
- CERT-VN: http://www.kb.cert.org/vuls/id/298233
- CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0085
- MANDRAKE: http://www.mandriva.com/security/advisories?name=MDKSA-2003:032
- OVAL: http://oval.mitre.org/oval/definitions/data/OVAL552.html
- REDHAT: http://rhn.redhat.com/errata/RHSA-2003-095.html
- SGI: ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
- SUSE: http://www.novell.com/linux/security/advisories.html
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=104792646416629&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=104792723017768&w=2
- URL: http://marc.theaimsgroup.com/?l=bugtraq&m=104801012929374&w=2
- URL: http://www.debian.org/security/2003/dsa-262
Solution:
Upgrade to Samba v2.2.8
Download and apply the upgrade from: http://hostopia.samba.org/samba/ftp/stable/samba-2.2.8.tar.gz
Information on these pages is summary information extracted from the NeXpose Vulnerabilty Assessment system. Full details are provided within the NeXpose product for licensed users.