what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2008-1105

Status Candidate

Overview

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Related Files

VMware Security Advisory 2008-00011
Posted Jul 29, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX service console packages for Samba and vmnix have been released to address several security issues.

tags | advisory
advisories | CVE-2007-5001, CVE-2007-6151, CVE-2007-6206, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2008-1669, CVE-2006-4814, CVE-2008-1105
SHA-256 | 904341d65768747a7481991de55dc59d733b5d767c3855c8baedad9846f2ec4b
Ubuntu Security Notice 617-2
Posted Jul 1, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2008-1105, CVE-2007-4572
SHA-256 | aedade276cad75bed9e726de4e15495540317af2e4d33ed424abaeb103c40acd
HP Security Bulletin 2008-00.75
Posted Jun 28, 2008
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerabilities has been identified with HP-UX running HP CIFS Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-4572, CVE-2007-5398, CVE-2007-6015, CVE-2008-1105
SHA-256 | b07a1969c9e19ab44a7eaed0477dc1a152f0151edef73b9f1b6a086e45449019
Ubuntu Security Notice 617-1
Posted Jun 18, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 617-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4572, CVE-2008-1105
SHA-256 | 276d35f0f3b3e4919e10e83c86c464d0adb8a1a87c631477af2860dbb661323e
Debian Linux Security Advisory 1590-1
Posted May 31, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1590-1 - Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2008-1105
SHA-256 | aec232a5c875938b2d0d347e657fd94ca95fa622a6dd6d5c3ac988310ebc378f
Gentoo Linux Security Advisory 200805-23
Posted May 29, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-23 - Alin Rad Pop (Secunia Research) reported a vulnerability in Samba within the receive_smb_raw() function in the file lib/util_sock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly large SMB packet. Versions less than 3.0.28a-r1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-1105
SHA-256 | 3f9e9dd3adb60e4eb8140bd18d5033ea15f945efa690a4bd05de80413f537cf0
secunia-smbraw.txt
Posted May 29, 2008
Authored by Alin Rad Pop | Site secunia.com

Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "receive_smb_raw()" function in lib/util_sock.c when parsing SMB packets. This can be exploited to cause a heap-based buffer overflow via an overly large SMB packet received in a client context. Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser. Samba versions 3.0.28a and 3.0.29 are affected.

tags | advisory, overflow, arbitrary, local
advisories | CVE-2008-1105
SHA-256 | ace1e3490d62e1305a8527f476f4dc946ef19f53a86ef8ec100f95d0c1a120a2
Mandriva Linux Security Advisory 2008-108
Posted May 29, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Although they forgot to put the problem description in this advisory, it appears that Mandriva has patched a code execution vulnerability in smbd from Samba.

tags | advisory, code execution
systems | linux, mandriva
advisories | CVE-2008-1105
SHA-256 | 21b686bd634e77933c5f1e0116a026535e27dd376f6a34224ced1eab451679ce
samba-exec.txt
Posted May 29, 2008
Authored by Alin Rad Pop | Site samba.org

Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd. This defect is is a result of an incorrect buffer size when parsing SMB replies in the routine receive_smb_raw(). Samba versions 3.0.0 through 3.0.29 are affected.

tags | advisory, arbitrary
advisories | CVE-2008-1105
SHA-256 | d7003f1c28c2ad87af590b45027e0424a9db86f02438797d09885e024d61f3e7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    0 Files
  • 5
    Mar 5th
    0 Files
  • 6
    Mar 6th
    0 Files
  • 7
    Mar 7th
    0 Files
  • 8
    Mar 8th
    0 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    0 Files
  • 12
    Mar 12th
    0 Files
  • 13
    Mar 13th
    0 Files
  • 14
    Mar 14th
    0 Files
  • 15
    Mar 15th
    0 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    0 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close