SCAN: Core Impact SAMBA trans2 Exploit
This signature detects the CORE Impact penetration testing tool using the SAMBA trans2 exploit against your network (this exploit is also detected by the signature attack object CRIT:APP:SAMBA:SMB-TRANS2ROOT-OF). Because CORE Impact can chain one infected computer to another, other machines in the network might already be compromised. CORE Impact can be used legitimately to perform a network security audit of your network. However, if a network security audit is not in progress, this signature can indicate that a malicious attacker is using the CORE Impact tool to compromise your network.
Extended Description
A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt sensitive locations in memory. Successful exploitation of this issue could allow an attacker to execute arbitrary commands, with the privileges of the Samba process. It should be noted that this vulnerability affects Samba 2.2.8 and earlier. Samba-TNG 0.3.1 and earlier are also affected.
Affected Products
Sun cobalt_raq_550_4100r,Samba samba
References
BugTraq: 7294
CVE: CVE-2003-0201
URL: http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0008.html
Short Name
SCAN:CORE:SAMBA-TRANS2
Severity
Info
Recommended
False
Recommended Action
None
Category
SCAN
Keywords
CVE-2003-0201 Core Exploit Impact SAMBA bid:7294 trans2
Release Date
12/14/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Rarely
Vendors
Samba
Compaq
Sun
Hp
Samba-tng
Apple
CVSS Score
10.0