Debian DSA-200-1 : samba - remote exploit

critical Nessus Plugin ID 15037

Synopsis

The remote Debian host is missing a security-related update.

Description

Steve Langasek found an exploitable bug in the password handling code in samba: when converting from DOS code-page to little endian UCS2 unicode a buffer length was not checked and a buffer could be overflowed. There is no known exploit for this, but an upgrade is strongly recommended.

Solution

This problem has been fixed in version 2.2.3a-12 of the Debian samba packages and upstream version 2.2.7.

See Also

http://www.debian.org/security/2002/dsa-200

Plugin Details

Severity: Critical

ID: 15037

File Name: debian_DSA-200.nasl

Version: 1.17

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:3.0, p-cpe:/a:debian:debian_linux:samba

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/22/2002

Exploitable With

Metasploit (Samba 2.2.2 - 2.2.6 nttrans Buffer Overflow)

Reference Information

CVE: CVE-2002-1318

DSA: 200