CVE-2003-0201

Name of the Vulnerable Software and Affected Versions Samba versions 2.2.x through 2.2.7 Samba versions 2.0.10 and earlier Samba-TNG versions prior to 0.3.2

Description A buffer overflow issue in the call trans2open function in trans2.c allows remote attackers to execute arbitrary code. The problem occurs when copying user-supplied data into a static buffer, which may allow an attacker to corrupt sensitive locations in memory and execute arbitrary commands with the privileges of the Samba process. Multiple vulnerabilities in Samba packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Samba versions 2.2.x through 2.2.7, update to version 2.2.8a or later. For Samba versions 2.0.10 and earlier, update to a version later than 2.0.10. For Samba-TNG versions prior to 0.3.2, update to version 0.3.2 or later. As a temporary workaround, consider restricting access to the Samba server until a patch is available.