exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

CVE-2008-1105

Status Candidate

Overview

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Related Files

VMware Security Advisory 2008-00011
Posted Jul 29, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX service console packages for Samba and vmnix have been released to address several security issues.

tags | advisory
advisories | CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2008-1669, CVE-2006-4814, CVE-2008-1105
MD5 | 2c0c4211e094aa9996f6e139c09e1e8b
Ubuntu Security Notice 617-2
Posted Jul 1, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-1105, CVE-2007-4572
MD5 | 1a96557d0ecb7fc857c3b1519608d098
HP Security Bulletin 2008-00.75
Posted Jun 28, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerabilities has been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-1105
MD5 | 6062acd3e10bdd7f313d85a01264ff04
Ubuntu Security Notice 617-1
Posted Jun 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4572, CVE-2008-1105
MD5 | aa534b412941f7c7ac477625b6203640
Debian Linux Security Advisory 1590-1
Posted May 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1590-1 - Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2008-1105
MD5 | fe58d0edc57780fbc8bfa5688ffbf607
Gentoo Linux Security Advisory 200805-23
Posted May 29, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-23 - Alin Rad Pop (Secunia Research) reported a vulnerability in Samba within the receive_smb_raw() function in the file lib/util_sock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly large SMB packet. Versions less than 3.0.28a-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-1105
MD5 | 2f22783acef8220c60b0e1e321145329
secunia-smbraw.txt
Posted May 29, 2008
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser. Samba versions 3.0.28a and 3.0.29 are affected.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2008-1105
MD5 | 8b50b5f7f3e20c60bd7e3a2d316423ce
Mandriva Linux Security Advisory 2008-108
Posted May 29, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Although they forgot to put the problem description in this advisory, it appears that Mandriva has patched a code execution vulnerability in smbd from Samba.

tags | advisory, code execution
systems | linux, mandriva
advisories | CVE-2008-1105
MD5 | a11ca1994f253c876b0db00544a8cbbe
samba-exec.txt
Posted May 29, 2008
Authored by Alin Rad Pop | Site samba.org

Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd. This defect is is a result of an incorrect buffer size when parsing SMB replies in the routine receive_smb_raw(). Samba versions 3.0.0 through 3.0.29 are affected.

tags | advisory, arbitrary
advisories | CVE-2008-1105
MD5 | 7b01ce7a31f8258de1a442927454875b
Page 1 of 1
Back1Next

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    21 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    19 Files
  • 24
    Jan 24th
    8 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close