Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0201

23 documents10 sources
Severity
10.0CRITICAL
EPSS
84.0%
top 0.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
8
Apple MAC OS XCompaq Tru64HP Cifs-9000 Server+5 more
Timeline
PublishedMay 5
Latest updateMay 3

Description

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages9 packages

Debiansamba< 3.0+3
NVDsamba/samba21 versions+20
NVDsamba-tng/samba-tng0.3, 0.3.1+1
NVDhp/hp-ux8 versions+7
NVDsun/sunos5.5.1, 5.7, 5.8+2

Patches

Patch: www.debian.orgPatch: www.securityfocus.comPatch: www.debian.org

🔴Vulnerability Details

4
GHSA
GHSA-6mm7-g5cc-wpx6: Buffer overflow in the call_trans2open function in trans22022-05-03
OSV
CVE-2003-0201: Buffer overflow in the call_trans2open function in trans22003-05-05
CVEList
CVE-2003-0201: Buffer overflow in the call_trans2open function in trans22003-04-15
VulnCheck
Samba Samba Out-of-bounds Write2003

💥Exploits & PoCs

12
Exploit-DB
Samba 2.2.8 (Linux x86) - 'trans2open' Remote Overflow (Metasploit)2010-07-14
Exploit-DB
Samba 2.2.8 (Solaris SPARC) - 'trans2open' Remote Overflow (Metasploit)2010-06-21
Exploit-DB
Samba 2.2.8 (OSX/PPC) - 'trans2open' Remote Overflow (Metasploit)2010-06-21
Exploit-DB
Samba 2.2.8 (BSD x86) - 'trans2open' Remote Overflow (Metasploit)2010-06-17
Exploit-DB
Samba 2.2.8 - Brute Force Method Remote Command Execution2003-07-13

🔍Detection Rules

1
Suricata
GPL NETBIOS SMB trans2open buffer overflow attempt2010-09-23

📋Vendor Advisories

3
Red Hat
security flaw2003-04-07
Red Hat
security flaw2003-04-07
Debian
CVE-2003-0201: samba - Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x befo...2003

💬Community

2
Bugzilla
CVE-2003-0196 security flaw2018-08-16
Bugzilla
CVE-2003-0201 security flaw2018-08-16
CVE-2003-0201 (CRITICAL CVSS 10) | Buffer overflow in the call_trans2o | cvebase.io