CVE-2002-2196

Samba < 2.2.5 - Remote Code Execution via Buffer Overflow in enum_csc_policy

Title source: llm

Description

Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

References (5)

Core 5

Core References

Various Sources mailing-list x_refsource_mlist

http://lists.samba.org/archive/samba-technical/2002-June/022075.html

Various Sources vendor-advisory x_refsource_freebsd

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc

Patch vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/10010.php

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHBA-2002-209.html

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5587

Scores

EPSS 0.1307

EPSS Percentile 94.2%

Details

CWE

CWE-119

Status published

Products (9)

samba/samba 1.9.17 (5 CPE variants)

samba/samba 1.9.18 p1 (9 CPE variants)

samba/samba 2.0.0

samba/samba 2.0.5a

samba/samba 2.2.1

samba/samba 2.2.1a

samba/samba 2.2.3a

samba/samba 2.2a

samba/samba < 2.2.4

Published Dec 31, 2002

Tracked Since Feb 18, 2026