CVE-2002-1318
published 2002-12-11

Priority P350 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 51.91% (98.8th percentile)

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Affected

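32 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | samba | < samba 2.2.7 (bookworm) | samba 2.2.7 (bookworm) |
| hp | cifs-9000_server | | |
| hp | cifs-9000_server | | |
| hp | cifs-9000_server | | |
| samba | samba | | |
| samba | samba | | |
| samba | samba | | |
| samba | samba | | |
| samba | samba | | |
| samba | samba | >= 0 < 2.2.7 | 2.2.7 |
| samba | samba | >= 0 < 2.2.7 | 2.2.7 |
| samba | samba | >= 0 < 2.2.7 | 2.2.7 |
| samba | samba | >= 0 < 2.2.7 | 2.2.7 |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |
| sgi | irix | | |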

Detection & IOCs (extracted from sources)

  • Target Samba versions 2.2.2 through 2.2.6 are vulnerable; the overflow occurs during decryption of an encrypted password change request when a DOS codepage string is converted to a little-endian UCS2 unicode string
  • The exploit vector is an NT transaction (nttrans) request carrying a malformed encrypted password change payload; monitor SMB nttrans traffic for anomalous encrypted password change requests
  • The root cause is a length-checking bug in encrypted password change requests from clients; inspect SMB password change request handling for oversized payloads
  • Samba 2.2.7 resolves this vulnerability; systems still running 2.2.2–2.2.6 remain exploitable

CVSS provenance

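| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |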