fkie_nvd - fkie_cve-2002-2196

fkie_cve-2002-2196

Vulnerability from fkie_nvd

Published

2002-12-31 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

References

URL	Tags
cve@mitre.org	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
cve@mitre.org	http://lists.samba.org/archive/samba-technical/2002-June/022075.html
cve@mitre.org	http://rhn.redhat.com/errata/RHBA-2002-209.html
cve@mitre.org	http://www.iss.net/security_center/static/10010.php	Patch
cve@mitre.org	http://www.securityfocus.com/bid/5587	Patch
af854a3a-2127-422b-91ae-364da2661108	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
af854a3a-2127-422b-91ae-364da2661108	http://lists.samba.org/archive/samba-technical/2002-June/022075.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHBA-2002-209.html
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/security_center/static/10010.php	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/5587	Patch

Impacted products

Vendor	Product	Version
samba	samba	*
samba	samba	1.9.17
samba	samba	1.9.17
samba	samba	1.9.17
samba	samba	1.9.17
samba	samba	1.9.17
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	1.9.18
samba	samba	2.0.0
samba	samba	2.0.5a
samba	samba	2.2.1
samba	samba	2.2.1a
samba	samba	2.2.3a
samba	samba	2.2a

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69ED4B5-C485-4996-8AAE-F3800D37170F",
              "versionEndIncluding": "2.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3B50D9E-EA43-44BF-9176-610EC808B986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.17:p1:*:*:*:*:*:*",
              "matchCriteriaId": "BCBBF662-40C3-4280-BE79-9D7C36A6DF5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.17:p3:*:*:*:*:*:*",
              "matchCriteriaId": "BDD6A6AE-C636-4131-807B-59F7784B7AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.17:p4:*:*:*:*:*:*",
              "matchCriteriaId": "8C6D63F5-B72C-445A-BC61-D52D6022481B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.17:p5:*:*:*:*:*:*",
              "matchCriteriaId": "1ADD724A-1747-4678-A659-0A528B728C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p1:*:*:*:*:*:*",
              "matchCriteriaId": "A3ABEA3A-8F88-4947-80A5-CF1459F5AC8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p10:*:*:*:*:*:*",
              "matchCriteriaId": "86F85E94-9F94-457A-A606-35DB558484A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p2:*:*:*:*:*:*",
              "matchCriteriaId": "1ED4704B-2422-43C9-A2E0-9851F56D4CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p3:*:*:*:*:*:*",
              "matchCriteriaId": "158D175A-E0D7-45EF-BDD2-D86F2E8F7766",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p4:*:*:*:*:*:*",
              "matchCriteriaId": "7854FCEF-D1F8-4DEC-A6CB-C4470899F71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p5:*:*:*:*:*:*",
              "matchCriteriaId": "36D8B675-C209-4D5A-8EA7-1B3515E930FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p6:*:*:*:*:*:*",
              "matchCriteriaId": "4BCECF31-4C73-4ABA-9F84-D5DBA1DB1F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p7:*:*:*:*:*:*",
              "matchCriteriaId": "2C5A1382-D147-43E5-8DB7-93B7A3B9AA0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:1.9.18:p8:*:*:*:*:*:*",
              "matchCriteriaId": "3A497A5D-96FC-490E-87EB-94C1BE7338A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F681E4CC-B8D3-48A2-B93E-0363B22B059E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDD0125-4C47-404A-9DC0-2E923C66B4D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCACECDD-40F1-4A9B-8B8A-20565FEE3627",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F65FF3-71F8-4278-A823-A6E0FF65D9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "614547F5-9C3F-489B-9B72-91B0FF646CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC2AE5A9-62C5-4DCE-85B3-16F48695B3B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack."
    }
  ],
  "id": "CVE-2002-2196",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.samba.org/archive/samba-technical/2002-June/022075.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHBA-2002-209.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.iss.net/security_center/static/10010.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/5587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.samba.org/archive/samba-technical/2002-June/022075.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHBA-2002-209.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.iss.net/security_center/static/10010.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/5587"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.",
      "lastModified": "2006-08-30T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2002-2196 (GCVE-0-2002-2196)

Vulnerability from cvelistv5

Published

2005-11-16 21:17