-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun == == CVE ID#: CVE-2008-1105 == == Versions: Samba 3.0.0 - 3.0.29 (inclusive) == == Summary: Specifically crafted SMB responses can result == in a heap overflow in the Samba client code. == Because the server process, smbd, can itself == act as a client during operations such as == printer notification and domain authentication, == this issue affects both Samba client and server == installations. == ========================================================== =========== Description =========== Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd. This defect is is a result of an incorrect buffer size when parsing SMB replies in the routine receive_smb_raw(). ================== Patch Availability ================== A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.0.30 has been issued as a security release to correct the defect. Samba administrators are advised to upgrade to 3.0.30 or apply the patch as soon as possible. ======= Credits ======= This vulnerability was reported to Samba developers by Alin Rad Pop, Secunia Research. The time line is as follows: * May 15, 2008: Initial report to security@samba.org. * May 15, 2008: First response from Samba developers confirming the bug along with a proposed patch. * May 28, 2008: Public security advisory made available. ========================================================== == Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================== -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIPXTkIR7qMdg1EfYRAhaqAJ0cA6XoFP7debyYutME9fYTenfNVgCguM0I nppfSSUdqtpbxbESEXjrnhU= =1yBZ -----END PGP SIGNATURE-----