Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Samba 2.2.2 <= 2.2.6 Vulnerability (CVE-2003-0085)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Samba is prone to a buffer overflow vulnerability.
Insight
Insight
There was a bug in the length checking for encrypted password change requests from clients. A client could potentially send an encrypted password, which, when decrypted with the old hashed password could be used as a buffer overrun attack on the stack of smbd. The attach would have to be crafted such that converting a DOS codepage string to little endian UCS2 unicode would translate into an executable block of code. All versions of Samba between 2.2.2 to 2.2.6 inclusive are vulnerable to this problem. This version of Samba 2.2.7 contains a fix for this problem. Earlier versions of Samba are not vulnerable. There is no known exploit or exploit code for this vulnerability, it was discovered by a code audit by Debian Samba maintainers.
Affected Software
Affected Software
Samba versions 2.2.2 through 2.2.6.
Detection Method
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Solution
Update to version 2.2.7a or later.