Bug 40140 (CVE-2003-0085)

Summary: VUL-0: CVE-2003-0085: samba: remote root exploit
Product: [Novell Products] SUSE Security Incidents Reporter: Lars Müller <lmuelle>
Component: IncidentsAssignee: Lars Müller <lmuelle>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Blocker    
Priority: P1 - Urgent CC: meissner
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Lars Müller 2003-03-12 17:55:53 UTC 
A remote root exploit weas found by the SuSE Security Team. Fixes for 2.2.7a are
available.
Comment 1 Lars Müller 2003-03-12 17:55:53 UTC 
<!-- SBZ_reproduce  -->
No exploit is currently available.
Comment 2 Chris Schlaeger 2003-03-13 00:04:50 UTC 
Will we get the fix for the beta5 deadline tonight?
Comment 3 Lars Müller 2003-03-13 00:05:26 UTC 
Yes.
Comment 4 Lars Müller 2003-03-13 00:17:27 UTC 
Fixed for STABLE. Move bug to UL1.
Comment 5 Lars Müller 2003-03-13 22:47:17 UTC 
Move back to SL as additional patches have to be added.
Comment 6 Lars Müller 2003-03-14 01:08:04 UTC 
Fixed for STABLE. Move bug to UL1.
Comment 7 Lars Müller 2003-03-18 08:04:45 UTC 
Fixed for all versions.
Comment 8 Marcus Meissner 2017-04-20 14:50:38 UTC 
I think this bug covers both

CVE-2003-0085 

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary
code.

and CVE-2003-0086

The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.