Content
UNIX/Exploit-Samba
- Type
- Malware
- SubType
- Exploit
- Discovery Date
- 04/09/2003
- Length
- 14,313 bytes
- Minimum DAT
- 4258 (04/16/2003)
- Updated DAT
- 4314 (01/14/2004)
- Minimum Engine
- 5.1.00
- Description Added
- 04/09/2003
- Description Modified
- 04/16/2003 4:23 PM (PT)
Risk Assessment
- Corporate User
- Low-Profiled
- Home User
- Low-Profiled
Tab Navigation
Characteristics
This threat has been assigned a risk assessment of Low-Profiled due to the media at News.Com article "Samba flaw threatens Linux file servers".
The 4258 dats will include detection for an exploit in Samba 2.2.x called "trans2root.pl". It causes a buffer overflow which allows arbitrary code to be executed on the remote server.
For more information on this vulnerability see Samba.org.Symptoms
N/A. This script is run locally by a user who is aware of its purpose.
Method of Infection
N/A
Removal
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Variants
Variants
N/A
All Information
Overview -
Characteristics
Characteristics -
This threat has been assigned a risk assessment of Low-Profiled due to the media at News.Com article "Samba flaw threatens Linux file servers".
The 4258 dats will include detection for an exploit in Samba 2.2.x called "trans2root.pl". It causes a buffer overflow which allows arbitrary code to be executed on the remote server.
For more information on this vulnerability see Samba.org.Symptoms
Symptoms -
N/A. This script is run locally by a user who is aware of its purpose.
Method of Infection
Method of Infection -
N/A
Removal -
Removal -
All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
