Intrusion Prevention

SMB.Trans2open.Buffer.Overflow

Description

It indicates a buffer overflow attempt is made against Samba server.
Samba is an Open Source/Free Software suite that provides seamless file and
print services to SMB/CIFS clients. Samba-TNG was originally a fork off of
the Samba source tree, and aims at being a substitute for a Windows NT domain
controller.
There exists a vulnerability in some versions of Samba that allows attackers to execute arbitrary code by sending specially crafted request that causes buffer overflow in the call_trans2open function.

Affected Products

Samba Samba 2.2.8 - Samba Samba 2.2.2

Impact

Attackers can gain remote root access and execute arbitrary code on the victim system.

Recommended Actions

Upgrading to the latest version of Samba or Samba-TNG.
Samba is available for download from: http://www.samba.org/
Samba-TNG is available for download from: http://www.samba-tng.org/

CVE References

CVE-2003-0201