Digital Defense Inc. has discovered a buffer overflow in the Samba file server, the widely used implementation of the SMB protocol. The flaw allows a remote attacker to execute arbitrary commands as root on a server that runs a vulnerable version of Samba. The vulnerability is known as the DDI trans2.c overflow bug and is assigned the CVE ID CAN-2003-0201. Because this vulnerability was found during the analysis of an exploit used in the wild, it should be assumed that exploits are circulating on the Internet.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 7.1 | i386 | smbclnt | < 2.0.10-32 | smbclnt-2.0.10-32.i386.rpm |
openSUSE | 7.1 | i386 | samba | < 2.0.10-32 | samba-2.0.10-32.i386.rpm |
openSUSE | 7.2 | i386 | samba | < 2.2.0a-52 | samba-2.2.0a-52.i386.rpm |
openSUSE | 7.3 | sparc | samba-client | < 2.2.1a-76 | samba-client-2.2.1a-76.sparc.rpm |
openSUSE | 7.1 | alpha | smbclnt | < 2.0.10-23 | smbclnt-2.0.10-23.alpha.rpm |
openSUSE | 8.1 | i586 | samba-client | < 2.2.5-178 | samba-client-2.2.5-178.i586.rpm |
openSUSE | 7.1 | ppc | samba | < 2.0.10-24 | samba-2.0.10-24.ppc.rpm |
openSUSE | 7.3 | sparc | samba | < 2.2.1a-76 | samba-2.2.1a-76.sparc.rpm |
openSUSE | 8.0 | i386 | samba-client | < 2.2.3a-172 | samba-client-2.2.3a-172.i386.rpm |
openSUSE | 7.1 | alpha | samba | < 2.0.10-23 | samba-2.0.10-23.alpha.rpm |
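
To check a host inventory against the table above, the installed version-release has to be compared the way RPM orders versions, not as plain strings. The following is an added example, not part of the original advisory: the function names and the inventory rows are constructed for illustration, and `vercmp` is a simplified form of RPM's segment comparison (no epoch or tilde handling).

```python
import re

# Rows from the advisory table: (OS version, arch, package) -> first fixed version-release.
FIXED = {
    ("7.1", "i386", "smbclnt"): "2.0.10-32",
    ("7.1", "i386", "samba"): "2.0.10-32",
    ("7.2", "i386", "samba"): "2.2.0a-52",
    ("7.3", "sparc", "samba-client"): "2.2.1a-76",
    ("7.1", "alpha", "smbclnt"): "2.0.10-23",
    ("8.1", "i586", "samba-client"): "2.2.5-178",
    ("7.1", "ppc", "samba"): "2.0.10-24",
    ("7.3", "sparc", "samba"): "2.2.1a-76",
    ("8.0", "i386", "samba-client"): "2.2.3a-172",
    ("7.1", "alpha", "samba"): "2.0.10-23",
}

def vercmp(a, b):
    """Simplified RPM ordering: compare digit/letter segments left to right."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats a letter segment
        if x.isdigit():
            x, y = int(x), int(y)            # so that 10 > 9, unlike string order
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)

def is_vulnerable(os_ver, arch, pkg, installed):
    """True if older than the fixed build, False if not, None if no table row applies."""
    fixed = FIXED.get((os_ver, arch, pkg))
    return None if fixed is None else evr_cmp(installed, fixed) < 0

# Constructed inventory, e.g. from: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' samba
INVENTORY = [
    ("7.2", "i386", "samba", "2.2.0a-45"),
    ("7.1", "ppc", "samba", "2.0.10-24"),
    ("8.1", "i586", "samba-client", "2.2.10-1"),
]

for row in INVENTORY:
    print(row, "VULNERABLE" if is_vulnerable(*row) else "ok")
```

A result of `None` means the table has no row for that OS version, architecture and package, so the host needs a manual check.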