SAMBA trans2 exploit v1.23 Vulnerability exploited: CAN-2003-0201 - BID-7294 Category: Exploits/Remote Exploits an incorrect string copy in SAMBA server and installs a level0 agent. An anonymous user can gain remote root access due to a buffer overflow caused by a StrnCpy() into a char array (fname) using a non-constant length (namelen). Supported Systems: Mandrake Linux 8.1 (i386) Mandrake Linux 8.2 (i386) RedHat Linux 8 (i386) RedHat Linux 7.2 (i386) RedHat Linux 7.3 (i386) Debian Linux 3 (i386) Samba 2.2.1a running under Mandrake 8.1 kernel 2.4.8-26mdk/x86 Samba 2.2.3a running under Mandrake 8.2 kernel 2.4.18-6mdk/x86 Samba 2.2.5 running under RedHat 8.0 kernel 2.4.18-24 Samba 2.2.1a running under RedHat 7.2 kernel 2.4.18-3 Samba 2.2.3a running under RedHat 7.3 kernel 2.4.18-3smp/x86 Samba 2.2.7a running under Debian 3.0 kernel 2.4.19 This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.