CVE-2003-0085
published 2003-03-31

Priority: P260, critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 87.92% (99.7th percentile)

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
debiansamba< samba 2.2.8 (bookworm)samba 2.2.8 (bookworm)
hpcifs-9000_server
hpcifs-9000_server
hpcifs-9000_server
hpcifs-9000_server
hpcifs-9000_server
hpcifs-9000_server
hpcifs-9000_server
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba
sambasamba

Detection & IOCs (extracted from sources)

port: 139
port: 5074
command: SMB_COM_NT_TRANSACT followed by SMB_COM_NT_TRANSACT_SECONDARY with ParamCountTotal=12000 and crafted ParamDisplace
  • The exploit targets smbd running with root privileges via the SMB/CIFS packet fragment re-assembly code path. Monitor smbd processes for unexpected child processes spawning /bin/sh.
  • The vulnerability affects Samba before 2.2.8 and Samba-TNG before 0.3.1; systems running patched versions (2.2.8+) are not vulnerable.
  • The C exploit uses a brute-force stack displacement loop (BRUTESTEP 5120, range 0xbfffd000–0xbfffffff), meaning multiple connection attempts will be made; a single failed attempt does not rule out exploitation.

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
osv | | 10.0 | CRITICAL |
vendor_debian | | 10.0 | CRITICAL |
vendor_redhat | | 10.0 | CRITICAL |