CVE-2003-0201

EXPLOITED

Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow

Exploitation Summary

CVE-2003-0201 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 19 public exploits from researchers including Metasploit, Schizoprenic, and eDSee, among them a Metasploit module, exploits/solaris/samba/trans2open.

AI-analyzed exploit summary: This is a Metasploit module exploiting a buffer overflow in Samba versions 2.2.0 to 2.2.8 on x86 Linux systems. It leverages the trans2open vulnerability (CVE-2003-0201) to achieve remote code execution by overwriting the return address on the stack.

Description

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

Exploits (19)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux_x86
https://www.exploit-db.com/exploits/16861

This is a Metasploit module exploiting a buffer overflow in Samba versions 2.2.0 to 2.2.8 on x86 Linux systems. It leverages the trans2open vulnerability (CVE-2003-0201) to achieve remote code execution by overwriting the return address on the stack.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8
No auth needed
Prerequisites: Network access to the Samba server on port 139 · Target system must not have noexec stack protection
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · solaris_sparc
https://www.exploit-db.com/exploits/16330

This is a Metasploit module exploiting a buffer overflow in Samba versions 2.2.0 to 2.2.8 on Solaris SPARC systems. It uses a brute-force approach to bypass stack randomization and achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8 on Solaris SPARC
No auth needed
Prerequisites: Network access to the target's SMB port (139) · Target system must not have noexec stack option set
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · osx_ppc
https://www.exploit-db.com/exploits/16876

This is a Metasploit module exploiting a buffer overflow in Samba versions 2.2.0 to 2.2.8 on Mac OS X PowerPC systems. It uses a brute-force approach to target return addresses and delivers a payload via a malformed SMB trans2open request.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8 on Mac OS X PowerPC
No auth needed
Prerequisites: Network access to target SMB port (139) · Target running vulnerable Samba version on Mac OS X PowerPC
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · bsd_x86
https://www.exploit-db.com/exploits/16880

This is a Metasploit module exploiting a buffer overflow in Samba versions 2.2.0 to 2.2.8 on x86 BSD systems. It uses a brute-force approach to bypass stack randomization and achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8
Auth required
Prerequisites: Network access to Samba service on port 139 · Samba version 2.2.0 to 2.2.8 · x86 BSD system without noexec stack protection
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Schizoprenic · c · remote · linux
https://www.exploit-db.com/exploits/55

This exploit targets a vulnerability in Samba versions prior to 2.2.8, using a connect-back shellcode method to achieve remote root access. It includes shellcode for Linux and BSD systems and attempts to exploit the target via brute force.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba < 2.2.8
No auth needed
Prerequisites: Network access to vulnerable Samba server · Target system must be running a vulnerable version of Samba
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by eDSee · c · remote · unix
https://www.exploit-db.com/exploits/22470

This exploit targets a buffer overflow vulnerability in Samba versions prior to 2.2.8, allowing remote code execution via a connect-back shellcode payload. It includes shellcode for Linux and BSD systems and uses brute-force methods to achieve exploitation.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba < 2.2.8
No auth needed
Prerequisites: Network access to vulnerable Samba server · Knowledge of target OS (Linux/BSD)
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Xpl017Elz · c · remote · unix
https://www.exploit-db.com/exploits/22468

This exploit targets a buffer overflow vulnerability in Samba v2.2.x (CVE-2003-0201) by sending maliciously crafted SMB packets to overwrite memory and execute arbitrary shellcode. The shellcode binds a shell to port 10000, allowing remote command execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.8 and earlier, Samba-TNG 0.3.1 and earlier
No auth needed
Prerequisites: Network access to Samba server on port 139 · Vulnerable Samba version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by eSDee · c · remote · multiple
https://www.exploit-db.com/exploits/10

This is a remote root exploit for Samba 2.2.x and prior, targeting multiple Linux and BSD distributions. It leverages a buffer overflow vulnerability to execute shellcode, providing either a bind shell or reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.x and prior
No auth needed
Prerequisites: Network access to the target system · Samba service running on the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by noir · text · remote · unix
https://www.exploit-db.com/exploits/22471

The provided text describes a buffer overflow vulnerability in Samba versions 2.2.8 and earlier, as well as Samba-TNG 0.3.1 and earlier. The vulnerability allows an anonymous user to execute arbitrary commands with the privileges of the Samba process by corrupting memory through excessive data input.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Samba <= 2.2.8, Samba-TNG <= 0.3.1
No auth needed
Prerequisites: Network access to the Samba server · Samba server running a vulnerable version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by c0wboy · c · remote · unix
https://www.exploit-db.com/exploits/22469

This exploit targets a buffer overflow vulnerability in Samba 2.2.x (CVE-2003-0201) by sending maliciously crafted packets to execute arbitrary shellcode. It includes a brute-force approach to guess the return address and establishes a reverse shell upon successful exploitation.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Samba 2.2.8 and earlier, Samba-TNG 0.3.1 and earlier
No auth needed
Prerequisites: Network access to the target Samba server on port 139 · Target must be running a vulnerable version of Samba
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by H D Moore · ruby · remote · osx
https://www.exploit-db.com/exploits/9924

This is a Metasploit module exploiting a buffer overflow in Samba (CVE-2003-0201) on Mac OS X PowerPC systems. It uses a brute-force approach to target return addresses and delivers a payload via a malformed SMB trans2open request.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Samba 2.2.0 to 2.2.8 on Mac OS X (PowerPC)
No auth needed
Prerequisites: Network access to SMB port (139) · Vulnerable Samba version on Mac OS X PowerPC
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by H D Moore · perl · remote · linux
https://www.exploit-db.com/exploits/7

This is a functional exploit for CVE-2003-0201, targeting a buffer overflow in Samba 2.2.x via the 'trans2open' function. It supports both single-shot and brute-force modes to achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.x
No auth needed
Prerequisites: Network access to the target's Samba service (port 139) · Knowledge of the target's OS and architecture
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by KernelPan1k · remote
https://github.com/KernelPan1k/trans2open-CVE-2003-0201

This repository contains a functional exploit for CVE-2003-0201, a buffer overflow vulnerability in Samba versions 2.2.0 to 2.2.8. The exploit uses a connect-back shellcode to achieve remote code execution on vulnerable systems.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8
No auth needed
Prerequisites: Vulnerable Samba version · Network access to the target · Noexec stack option not set on the target system
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP 1 star
by Bakr-Ht · poc
https://github.com/Bakr-Ht/samba-trans2open-exploit-report

This repository provides a detailed technical walkthrough of exploiting CVE-2003-0201, a Samba Trans2Open vulnerability, using tools like Metasploit. It includes steps for network discovery, vulnerability identification, exploitation, and mitigation techniques.

Classification: Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba (versions affected by CVE-2003-0201)
No auth needed
Prerequisites: Network access to target · Samba service exposed on ports 139/445 · Metasploit framework
devstral-2 · analyzed Feb 18, 2026

nomisec WRITEUP
by deepakkcybersec-eng · poc
https://github.com/deepakkcybersec-eng/Kioptrix-Level1-Vulnerability-Analysis

This repository provides a detailed technical analysis of the Kioptrix Level 1 vulnerability, focusing on CVE-2003-0201 (Samba trans2open heap overflow). It includes offensive and defensive strategies, remediation steps, and evidence of exploitation via Metasploit.

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.1a
No auth needed
Prerequisites: Network access to target · Metasploit framework
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC GREAT
by hdm, jduck · ruby · poc · solaris
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/solaris/samba/trans2open.rb

This Metasploit module exploits a buffer overflow in Samba versions 2.2.0 to 2.2.8 on Solaris SPARC systems without noexec stack protection. It uses a brute-force approach to overwrite the return address and execute shellcode.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8 on Solaris SPARC
No auth needed
Prerequisites: Network access to the target Samba service · Solaris SPARC system without noexec stack protection
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by hdm, jduck · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/samba/trans2open.rb

This Metasploit module exploits a buffer overflow in Samba versions 2.2.0 to 2.2.8 on x86 Linux systems without noexec stack protection. It leverages a brute-force approach to bypass ASLR and achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8
No auth needed
Prerequisites: Network access to SMB port (139) · Anonymous access to IPC · x86 Linux system without noexec stack
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by hdm, jduck · ruby · poc · osx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/samba/trans2open.rb

This Metasploit module exploits a buffer overflow in Samba versions 2.2.0 to 2.2.8 on Mac OS X PowerPC systems via a malformed SMB trans2open request. It uses brute-forcing to bypass ASLR and delivers a payload for remote code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Samba 2.2.0 to 2.2.8 on Mac OS X PowerPC
No auth needed
Prerequisites: Network access to SMB port (139) · Target running vulnerable Samba version on Mac OS X PowerPC
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC GREAT
by hdm, jduck · ruby · poc · bsd
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/freebsd/samba/trans2open.rb

This Metasploit module exploits a buffer overflow in Samba versions 2.2.0 to 2.2.8 on x86 BSD systems. It uses a brute-force approach to bypass stack randomization and achieve remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samba 2.2.0 to 2.2.8
No auth needed
Prerequisites: Network access to Samba service on port 139 · Target system with executable stack (noexec not set)
devstral-2 · analyzed Feb 16, 2026

References (15)

Core References
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104981682014565&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/7294
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104972664226781&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-280
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104994564212488&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/267873
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:044
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-137.html
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2003_025_samba.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104974612519064&w=2
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163

Scores

EPSS 0.8843
EPSS Percentile 99.5%

Details

VulnCheck KEV 2017-06-20
Status published
Products (50)
apple/mac_os_x 10.2
apple/mac_os_x 10.2.1
apple/mac_os_x 10.2.2
apple/mac_os_x 10.2.3
apple/mac_os_x 10.2.4
compaq/tru64 4.0b
compaq/tru64 4.0d
compaq/tru64 4.0d_pk9_bl17
compaq/tru64 4.0f
compaq/tru64 4.0f_pk6_bl17
... and 40 more
Published May 05, 2003
Tracked Since Feb 18, 2026