Vulnerability Name:

CVE-2003-0196 (CCN-32151)

Assigned:2003-04-07
Published:2003-04-07
Updated:2018-10-30
Summary:Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2003-0196

Source: BUGTRAQ
Type: UNKNOWN
20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)

Source: BUGTRAQ
Type: UNKNOWN
20030407 Immunix Secured OS 7+ samba update

Source: CCN
Type: BugTraq Mailing List, 2003-04-07 18:39:07
Immunix Secured OS 7+ samba update

Source: CCN
Type: RHSA-2003-137
New samba packages fix security vulnerability

Source: CCN
Type: RHSA-2003-138
samba security update

Source: CCN
Type: RHSA-2003-226
Updated samba packages fix security vulnerabilities

Source: CCN
Type: Samba Web site
Samba - opening Windows to a wider world

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-280

Source: DEBIAN
Type: DSA-280
samba -- buffer overflow

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2003:044

Source: CCN
Type: OpenPKG-SA-2003.028
Samba

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2003:137

Source: CCN
Type: BID-7295
Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities

Source: XF
Type: UNKNOWN
samba-multiple-unspecified-bo(32151)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:564

Vulnerable Configuration:Configuration 1:
  • cpe:/a:samba:samba:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.1a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba-tng:samba-tng:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba-tng:samba-tng:0.3.1:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:compaq:tru64:4.0b:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0d:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0a:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0f:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1b:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.01:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.24:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.20:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:2.5.1:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9.0:*:x86:*:*:*:*:*
  • OR cpe:/o:sun:sunos:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.7:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*
  • OR cpe:/a:hp:cifs-9000_server:a.01.09.02:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:samba:samba:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba-tng:samba-tng:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.1a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.3a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba-tng:samba-tng:0.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:2.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:1.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:564
    V
    		Multiple Buffer Overflows in Samba
    2010-09-20
    oval:org.debian:def:280
    V
    		buffer overflow
    2003-04-07
    BACK
    samba samba 2.0.0
    samba samba 2.0.1
    samba samba 2.0.2
    samba samba 2.0.3
    samba samba 2.0.4
    samba samba 2.0.5
    samba samba 2.0.6
    samba samba 2.0.7
    samba samba 2.0.8
    samba samba 2.0.9
    samba samba 2.0.10
    samba samba 2.2.0
    samba samba 2.2.0a
    samba samba 2.2.1a
    samba samba 2.2.2
    samba samba 2.2.3
    samba samba 2.2.3a
    samba samba 2.2.4
    samba samba 2.2.5
    samba samba 2.2.6
    samba samba 2.2.7
    samba samba 2.2.7a
    samba samba 2.2.8
    samba-tng samba-tng 0.3
    samba-tng samba-tng 0.3.1
    compaq tru64 4.0b
    compaq tru64 4.0d
    compaq tru64 4.0d_pk9_bl17
    compaq tru64 4.0f
    compaq tru64 4.0f_pk6_bl17
    compaq tru64 4.0f_pk7_bl18
    compaq tru64 4.0g
    compaq tru64 4.0g_pk3_bl17
    compaq tru64 5.0
    compaq tru64 5.0_pk4_bl17
    compaq tru64 5.0_pk4_bl18
    compaq tru64 5.0a
    compaq tru64 5.0a_pk3_bl17
    compaq tru64 5.0f
    compaq tru64 5.1
    compaq tru64 5.1_pk3_bl17
    compaq tru64 5.1_pk4_bl18
    compaq tru64 5.1_pk5_bl19
    compaq tru64 5.1_pk6_bl20
    compaq tru64 5.1a
    compaq tru64 5.1a_pk1_bl1
    compaq tru64 5.1a_pk2_bl2
    compaq tru64 5.1a_pk3_bl3
    compaq tru64 5.1b
    compaq tru64 5.1b_pk1_bl1
    hp hp-ux 10.01
    hp hp-ux 10.20
    hp hp-ux 10.24
    hp hp-ux 11.00
    hp hp-ux 11.04
    hp hp-ux 11.11
    hp hp-ux 11.20
    hp hp-ux 11.22
    sun solaris 2.5.1
    sun solaris 2.5.1
    sun solaris 2.6
    sun solaris 7.0
    sun solaris 8.0
    sun solaris 9.0
    sun solaris 9.0
    sun sunos -
    sun sunos 5.5.1
    sun sunos 5.7
    sun sunos 5.8
    hp cifs-9000 server a.01.05
    hp cifs-9000 server a.01.06
    hp cifs-9000 server a.01.07
    hp cifs-9000 server a.01.08
    hp cifs-9000 server a.01.08.01
    hp cifs-9000 server a.01.09
    hp cifs-9000 server a.01.09.01
    hp cifs-9000 server a.01.09.02
    samba samba 2.0.7
    samba samba 2.2.2
    samba samba 2.2.3
    samba samba 2.2.4
    samba samba 2.2.5
    samba samba 2.2.6
    samba-tng samba-tng 0.3.1
    samba samba 2.2.8
    samba samba 2.0.0
    samba samba 2.0.1
    samba samba 2.0.2
    samba samba 2.0.3
    samba samba 2.0.4
    samba samba 2.0.5
    samba samba 2.0.6
    samba samba 2.0.8
    samba samba 2.0.9
    samba samba 2.0.10
    samba samba 2.2.0a
    samba samba 2.2.0
    samba samba 2.2.1a
    samba samba 2.2.3a
    samba samba 2.2.7a
    samba samba 2.2.7
    samba-tng samba-tng 0.3
    debian debian linux 2.2
    redhat linux 7.1
    redhat linux 7.2
    mandrakesoft mandrake linux 8.2
    redhat linux 7.3
    debian debian linux 3.0
    openpkg openpkg current
    redhat linux 8.0
    openpkg openpkg 1.1
    mandrakesoft mandrake linux 9.0
    mandrakesoft mandrake multi network firewall 8.2
    openpkg openpkg 1.2
    mandrakesoft mandrake linux corporate server 2.1
    mandrakesoft mandrake linux 9.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat linux 9.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 8.2
    mandrakesoft mandrake linux 9.1
    mandrakesoft mandrake linux corporate server 2.1