PUBLISHED DATE: December 31, 2002CVE-2002-2196:
Buffer Overflow Vulnerability

Description

Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

Products

• Samba Samba
• Samba Samba
• Samba 1.9.17
• Samba 1.9.17 p1
• Samba 1.9.17 p2
• Samba 1.9.17 p3
• Samba 1.9.17 p4
• Samba 1.9.17 p5
• Samba 1.9.18
• Samba 1.9.18
• Samba 1.9.18 p10
• Samba 1.9.18 p1
• Samba 1.9.18 p2
• Samba 1.9.18 p3
• Samba 1.9.18 p4
• Samba 1.9.18 p5
• Samba 1.9.18 p6
• Samba 1.9.18 p7
• Samba 1.9.18 p8
• Samba 2.0.0
• Samba 2.0.10
• Samba 2.0.1
• Samba 2.0.2
• Samba 2.0.3
• Samba 2.0.4
• Samba 2.0.5
• Samba 2.0.5
• Samba 2.0.5a
• Samba Samba 2.0.5a
• Samba 2.0.6
• Samba 2.0.7
• Samba 2.0.8
• Samba 2.0.9
• Samba Samba 2.0
• Samba 2.2.0
• Samba 2.2.0
• Samba 2.2.0a
• Samba Samba 2.2.0a
• Samba 2.2.1
• Samba 2.2.1
• Samba 2.2.1a
• Samba Samba 2.2.1a
• Samba 2.2.2
• Samba 2.2.3
• Samba 2.2.3
• Samba 2.2.3a
• Samba Samba 2.2.3a
• Samba 2.2.4
• Samba 2.2a
• Samba Samba 2.2a

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2002-2196, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2002-2196 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• http://webappsec.pbworks.com/Buffer-Overflow
• https://capec.mitre.org/data/definitions/10.html
• https://capec.mitre.org/data/definitions/100.html
• https://capec.mitre.org/data/definitions/123.html
• https://capec.mitre.org/data/definitions/14.html
• https://capec.mitre.org/data/definitions/24.html
• https://capec.mitre.org/data/definitions/42.html
• https://capec.mitre.org/data/definitions/44.html
• https://capec.mitre.org/data/definitions/45.html
• https://capec.mitre.org/data/definitions/46.html
• https://capec.mitre.org/data/definitions/47.html
• https://capec.mitre.org/data/definitions/8.html
• https://capec.mitre.org/data/definitions/9.html
• https://nvd.nist.gov/vuln/detail/CVE-2002-2196