what you don't know can hurt you
Showing 1 - 9 of 9 RSS Feed

CVE-2008-1105

Status Candidate

Overview

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Related Files

VMware Security Advisory 2008-00011
Posted Jul 29, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX service console packages for Samba and vmnix have been released to address several security issues.

tags | advisory
advisories | CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2008-1669, CVE-2006-4814, CVE-2008-1105
MD5 | 2c0c4211e094aa9996f6e139c09e1e8b
Ubuntu Security Notice 617-2
Posted Jul 1, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-1105, CVE-2007-4572
MD5 | 1a96557d0ecb7fc857c3b1519608d098
HP Security Bulletin 2008-00.75
Posted Jun 28, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerabilities has been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-1105
MD5 | 6062acd3e10bdd7f313d85a01264ff04
Ubuntu Security Notice 617-1
Posted Jun 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4572, CVE-2008-1105
MD5 | aa534b412941f7c7ac477625b6203640
Debian Linux Security Advisory 1590-1
Posted May 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1590-1 - Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2008-1105
MD5 | fe58d0edc57780fbc8bfa5688ffbf607
Gentoo Linux Security Advisory 200805-23
Posted May 29, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-23 - Alin Rad Pop (Secunia Research) reported a vulnerability in Samba within the receive_smb_raw() function in the file lib/util_sock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly large SMB packet. Versions less than 3.0.28a-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-1105
MD5 | 2f22783acef8220c60b0e1e321145329
secunia-smbraw.txt
Posted May 29, 2008
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser. Samba versions 3.0.28a and 3.0.29 are affected.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2008-1105
MD5 | 8b50b5f7f3e20c60bd7e3a2d316423ce
Mandriva Linux Security Advisory 2008-108
Posted May 29, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Although they forgot to put the problem description in this advisory, it appears that Mandriva has patched a code execution vulnerability in smbd from Samba.

tags | advisory, code execution
systems | linux, mandriva
advisories | CVE-2008-1105
MD5 | a11ca1994f253c876b0db00544a8cbbe
samba-exec.txt
Posted May 29, 2008
Authored by Alin Rad Pop | Site samba.org

Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd. This defect is is a result of an incorrect buffer size when parsing SMB replies in the routine receive_smb_raw(). Samba versions 3.0.0 through 3.0.29 are affected.

tags | advisory, arbitrary
advisories | CVE-2008-1105
MD5 | 7b01ce7a31f8258de1a442927454875b
Page 1 of 1
Back1Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    25 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close