SCAN: Core Impact SAMBA nttrans Exploit
This signature detects the CORE Impact penetration testing tool using the SAMBA nttrans exploit against your network (this exploit is also detected by the signature attack object CRIT:APP:SAMBA:NTRANS-RPLY). Because CORE Impact can chain one infected computer to another, other machines in the network might already be compromised. CORE Impact can be used legitimately to perform a network security audit of your network. However, if a network security audit is not in progress, this signature can indicate that a malicious attacker is using the CORE Impact tool to compromise your network.
Extended Description
Samba is prone to a buffer-overflow vulnerability when the 'smbd' service tries to reassemble specially crafted SMB/CIFS packets. An attacker can exploit this vulnerability by creating a specially formatted SMB/CIFS packet and sending it to a vulnerable Samba server. The overflow condition will be triggered and will cause smbd to overwrite sensitive areas of memory with attacker-supplied values. Note that the smbd service runs with root privileges.
Affected Products
Sun Solaris
References
BugTraq: 7106
CVE: CVE-2003-0085
URL: http://marc.theaimsgroup.com/?l=bugtraq&m=104801012929374&w=2
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sun
HP
Samba
Samba-tng
10.0