CVE-2003-0085

Current Description

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

Basic Data

PublishedMarch 31, 2003
Last ModifiedOctober 19, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSambaSamba2.0.0*******
    2.3ApplicationSambaSamba2.0.1*******
    2.3ApplicationSambaSamba2.0.2*******
    2.3ApplicationSambaSamba2.0.3*******
    2.3ApplicationSambaSamba2.0.4*******
    2.3ApplicationSambaSamba2.0.5*******
    2.3ApplicationSambaSamba2.0.6*******
    2.3ApplicationSambaSamba2.0.7*******
    2.3ApplicationSambaSamba2.0.8*******
    2.3ApplicationSambaSamba2.0.9*******
    2.3ApplicationSambaSamba2.0.10*******
    2.3ApplicationSambaSamba2.2.0*******
    2.3ApplicationSambaSamba2.2.0a*******
    2.3ApplicationSambaSamba2.2.1a*******
    2.3ApplicationSambaSamba2.2.2*******
    2.3ApplicationSambaSamba2.2.3*******
    2.3ApplicationSambaSamba2.2.3a*******
    2.3ApplicationSambaSamba2.2.4*******
    2.3ApplicationSambaSamba2.2.5*******
    2.3ApplicationSambaSamba2.2.6*******
    2.3ApplicationSambaSamba2.2.7*******
    2.3ApplicationSambaSamba2.2.7a*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationHpCifs-9000 Servera.01.05*******
    2.3ApplicationHpCifs-9000 Servera.01.06*******
    2.3ApplicationHpCifs-9000 Servera.01.07*******
    2.3ApplicationHpCifs-9000 Servera.01.08*******
    2.3ApplicationHpCifs-9000 Servera.01.08.01*******
    2.3ApplicationHpCifs-9000 Servera.01.09*******
    2.3ApplicationHpCifs-9000 Servera.01.09.01*******

Vulnerable Software List

VendorProductVersions
Samba Samba 2.0.0, 2.0.1, 2.0.10, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.2.0, 2.2.0a, 2.2.1a, 2.2.2, 2.2.3, 2.2.3a, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.7a
Hp Cifs-9000 Server a.01.05, a.01.06, a.01.07, a.01.08, a.01.08.01, a.01.09, a.01.09.01

References

NameSourceURLTags
20030302-01-Iftp://patches.sgi.com/support/free/security/advisories/20030302-01-ISGI
20030317 GLSA: samba (200303-11)http://marc.info/?l=bugtraq&m=104792646416629&w=2BUGTRAQ
20030317 Security Bugfix for Samba - Samba 2.2.8 Releasedhttp://marc.info/?l=bugtraq&m=104792723017768&w=2BUGTRAQ
20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)http://marc.info/?l=bugtraq&m=104801012929374&w=2BUGTRAQ
8299http://secunia.com/advisories/8299SECUNIA
8303http://secunia.com/advisories/8303SECUNIA
DSA-262http://www.debian.org/security/2003/dsa-262DEBIANPatch Vendor Advisory
GLSA-200303-11http://www.gentoo.org/security/en/glsa/glsa-200303-11.xmlGENTOO
VU#298233http://www.kb.cert.org/vuls/id/298233CERT-VNUS Government Resource
MDKSA-2003:032http://www.mandriva.com/security/advisories?name=MDKSA-2003:032MANDRAKE
SuSE-SA:2003:016http://www.novell.com/linux/security/advisories/2003_016_samba.htmlSUSE
RHSA-2003:095http://www.redhat.com/support/errata/RHSA-2003-095.htmlREDHAT
RHSA-2003:096http://www.redhat.com/support/errata/RHSA-2003-096.htmlREDHAT
20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSLhttp://www.securityfocus.com/archive/1/316165/30/25370/threadedBUGTRAQ
IMNX-2003-7+-003-01http://www.securityfocus.com/archive/1/317145/30/25220/threadedIMMUNIX
7106http://www.securityfocus.com/bid/7106BIDPatch Vendor Advisory
oval:org.mitre.oval:def:552https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552OVAL