CVE-2003-0686

pam_smb 1.1.6 - Buffer Overflow

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0686. PoCs published by vertex.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in pam_lib_smb < 1.1.6, allowing remote code execution via a crafted telnet negotiation and login sequence. It leverages shellcode injection to spawn a shell on vulnerable Linux systems (tested on Redhat 8.0, 9.0).

Description

Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code.

Exploits (1)

exploitdb WORKING POC VERIFIED
by vertex · cremotelinux
https://www.exploit-db.com/exploits/89

This exploit targets a buffer overflow vulnerability in pam_lib_smb < 1.1.6, allowing remote code execution via a crafted telnet negotiation and login sequence. It leverages shellcode injection to spawn a shell on vulnerable Linux systems (tested on Redhat 8.0, 9.0).

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: pam_lib_smb < 1.1.6
No auth needed
Prerequisites: Target must have pam_smb_auth.so configured in /etc/pam.d/login · Telnet service must be accessible on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Various Sources x_refsource_confirm
http://us2.samba.org/samba/ftp/pam_smb/
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000734
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-261.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106252769930090&w=2
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2003-262.html
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/680260
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9611
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-374
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A469
Various Sources vendor-advisory x_refsource_turbo
http://www.turbolinux.com/security/TLSA-2003-50.txt

Scores

EPSS 0.2543
EPSS Percentile 97.7%

Details

Status published
Products (11)
dave_airlie/pam_smb 1.1
dave_airlie/pam_smb 1.1.1
dave_airlie/pam_smb 1.1.2
dave_airlie/pam_smb 1.1.3
dave_airlie/pam_smb 1.1.4
dave_airlie/pam_smb 1.1.5
dave_airlie/pam_smb 1.1.6
dave_airlie/pam_smb 2.0_rc4
redhat/pam_smb 1.1.6-2 (2 CPE variants)
redhat/pam_smb 1.1.6-5
... and 1 more
Published Oct 20, 2003
Tracked Since Feb 18, 2026