
CVE-2003-0201 PoC — Samba server call_trans2open remote buffer overflow vulnerability

Source
Associated Vulnerability
Title: Samba server call_trans2open remote buffer overflow vulnerability (CVE-2003-0201)
Description: Samba is a suite of programs that implements the SMB (Server Message Block) protocol to provide cross-platform file and print sharing. Samba-TNG is a derivative of Samba. Because Samba lacks correct bounds checking on external input, a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with root privileges. The problem is the following call in the call_trans2open() function in smbd/trans2.c: StrnCpy(fname,pname,namelen); /* Line 252 of smbd/trans2.c */ StrnCp
Description
Samba exploit CVE-2003-0201
Readme
Samba versions 2.2.0 to 2.2.8
==============================

This exploits the buffer overflow found in Samba versions
2.2.0 to 2.2.8. This particular module is capable of
exploiting the flaw on x86 Linux systems that do not
have the noexec stack option set.
NOTE: Some older versions of RedHat do not seem to be vulnerable
since they apparently do not allow anonymous access to IPC.

CVE
===

- CVE-2003-0201
- OSVDB-4469
- BID-7294

Compile
=======

gcc trans2open.c -o trans2open

Metasploit
==========

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/samba/trans2open.rb

File Snapshot

[4.0K] /data/pocs/20b581b0f51765d60c4316d3906869c06b0ee1c3
├── [ 611] README.md
└── [ 22K] trans2open.c

0 directories, 2 files