Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0085Improper Restriction of Operations within the Bounds of a Memory Buffer in HP Cifs-9000 Server

10 documents8 sources
Severity
10.0CRITICALNVD
EPSS
86.1%
top 0.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SambaHP Cifs-9000 Server
Timeline
PublishedMar 31
Latest updateMay 3

Description

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

Debiansamba/samba< 2.2.8+3
NVDsamba/samba22 versions+21
NVDhp/cifs-9000_server7 versions+6

Patches

Patch: www.debian.orgPatch: www.securityfocus.comPatch: www.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-qxx9-28p4-39v8: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 22022-05-03
OSV
CVE-2003-0085: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 22003-03-31
CVEList
CVE-2003-0085: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 22003-03-18

💥Exploits & PoCs

3
Exploit-DB
Samba 2.2.2 < 2.2.6 - 'nttrans' Remote Buffer Overflow (Metasploit) (1)2010-04-28
Exploit-DB
Samba 2.2.x - 'nttrans' Remote Overflow (Metasploit)2003-04-07
Exploit-DB
Samba 2.2.x - CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow2003-03-15

📋Vendor Advisories

2
Red Hat
security flaw2003-03-15
Debian
CVE-2003-0085: samba - Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon ...2003

💬Community

1
Bugzilla
CVE-2003-0085 security flaw2018-08-16
CVE-2003-0085 — HP Cifs-9000 Server vulnerability | cvebase