PT-2002-1079 · Samba · Samba-Client+4
Published: 2002-12-11 · Updated: 2018-05-03
CVE-2002-1318
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Samba versions 2.2.2 through 2.2.6
Samba Server versions 2.2.2 through 2.2.6
samba-swat version 2.2.7
samba-client version 2.2.7
samba-common version 2.2.7
Description
The issue is related to multiple vulnerabilities in the Samba package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in Samba allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption, where a DOS codepage string is converted to a little-endian UCS2 Unicode string.
Recommendations
For Samba versions 2.2.2 through 2.2.6, consider updating to a version outside of this range to mitigate the risk.
For samba-swat version 2.2.7, restrict access to the Samba service until a patch is available.
For samba-client version 2.2.7, avoid using the client until the issue is resolved.
For samba-common version 2.2.7, consider disabling the vulnerable components of Samba until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected products
Samba
Sambar Server
Samba-Client
Samba-Common
Samba-Swat