CVE-2002-1318

Samba 2.2.2-2.2.6 - Buffer Overflow via Encrypted Password Decryption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1318. PoCs published by hdm, including Metasploit module exploits/multi/samba/nttrans.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in Samba 2.2.2-2.2.6 via a malformed NTTrans request, allowing remote code execution. It uses a pattern to overwrite the EIP and injects a payload into the vulnerable process.

Description

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Exploits (1)

metasploit · WORKING POC · NORMAL
by hdm · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/samba/nttrans.rb

Classification: Working Poc 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.2 - 2.2.6
Authentication: No auth needed
Prerequisites: Network access to SMB port (139) · Vulnerable Samba version
devstral-2 · analyzed Feb 16, 2026

References (16)

Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/958321
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10683
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-200
Third Party Advisory, US Government Resource vendor-advisory x_refsource_hp
http://www.ciac.org/ciac/bulletins/n-023.shtml
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-019.shtml
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6210
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-266.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2002_045_samba.html
Vendor Advisory x_refsource_confirm
http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103801986818076&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103859045302448&w=2
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php

Scores

EPSS 0.5191
EPSS Percentile 98.8%

Details

Status published
Products (27)
hp/cifs-9000_server a.01.08
hp/cifs-9000_server a.01.08.01
hp/cifs-9000_server a.01.09
samba/samba 2.2.2
samba/samba 2.2.3
samba/samba 2.2.4
samba/samba 2.2.5
samba/samba 2.2.6
sgi/irix 6.5
sgi/irix 6.5.1
... and 17 more
Published Dec 11, 2002
Tracked Since Feb 18, 2026