Search for vulnerabilities
Vulnerability details: VCID-arvt-72yy-aaak
Vulnerability ID VCID-arvt-72yy-aaak
Aliases CVE-2002-1318
Summary Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.14543 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.70010 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.70010 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.70010 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.70010 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.73412 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.75047 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
epss 0.77782 https://api.first.org/data/v1/epss?cve=CVE-2002-1318
rhbs unspecified https://bugzilla.redhat.com/show_bug.cgi?id=1616871
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2002-1318
Reference id Reference type URL
ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
http://marc.info/?l=bugtraq&m=103801986818076&w=2
http://marc.info/?l=bugtraq&m=103859045302448&w=2
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1318.json
https://api.first.org/data/v1/epss?cve=CVE-2002-1318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1318
https://exchange.xforce.ibmcloud.com/vulnerabilities/10683
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580
http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
http://www.ciac.org/ciac/bulletins/n-019.shtml
http://www.ciac.org/ciac/bulletins/n-023.shtml
http://www.debian.org/security/2002/dsa-200
http://www.kb.cert.org/vuls/id/958321
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
http://www.novell.com/linux/security/advisories/2002_045_samba.html
http://www.redhat.com/support/errata/RHSA-2002-266.html
http://www.securityfocus.com/bid/6210
1616871 https://bugzilla.redhat.com/show_bug.cgi?id=1616871
cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*
cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*
cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*
cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*
CVE-2002-1318 https://nvd.nist.gov/vuln/detail/CVE-2002-1318
RHSA-2002:266 https://access.redhat.com/errata/RHSA-2002:266
Data source Metasploit
Description This module attempts to exploit a buffer overflow vulnerability present in versions 2.2.2 through 2.2.6 of Samba. The Samba developers report this as: "Bug in the length checking for encrypted password change requests from clients." The bug was discovered and reported by the Debian Samba Maintainers.
Note 
{}
Ransomware campaign use Unknown
Source publication date April 7, 2003
Platform Linux
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/samba/nttrans.rb
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2002-1318
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.95881
EPSS Score 0.14543
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.