Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1105

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1105
Last Modified 07 Mar 2011 10:05:57
Published 29 May 2008 12:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1105

Summary

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Vulnerable Systems

Application

  • Samba 3.0.28a

  • Samba 3.0.29


References

BID - 29404

FEDORA - FEDORA-2008-4797

FEDORA - FEDORA-2008-4724

FEDORA - FEDORA-2008-4679

XF - xerox-controller-samba-code-execution(45251)

XF - samba-receivesmbraw-bo(42664)

HP - HPSBUX02341

CONFIRM - http://www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf

VUPEN - ADV-2008-2639

VUPEN - ADV-2008-2222

VUPEN - ADV-2008-1981

VUPEN - ADV-2008-1908

VUPEN - ADV-2008-1681

UBUNTU - USN-617-2

UBUNTU - USN-617-1

BID - 31255

BUGTRAQ - 20080602 rPSA-2008-0180-1 samba samba-client samba-server samba-swat

BUGTRAQ - 20080529 Secunia Research: Samba "receive_smb_raw()" Buffer OverflowVulnerability

BUGTRAQ - 20080528 [SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses

CONFIRM - http://www.samba.org/samba/security/CVE-2008-1105.html

REDHAT - RHSA-2008:0290

REDHAT - RHSA-2008:0289

REDHAT - RHSA-2008:0288

MILW0RM - 5712

MANDRIVA - MDVSA-2008:108

DEBIAN - DSA-1590

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0180

CONFIRM - http://support.apple.com/kb/HT2163

SUNALERT - 249086

SLACKWARE - SSA:2008-149-01

SECTRACK - 1020123

GENTOO - GLSA-200805-23

MISC - http://secunia.com/secunia_research/2008-20/advisory/

SECUNIA - 33696

SECUNIA - 31911

SECUNIA - 31246

SECUNIA - 30835

SECUNIA - 30802

SECUNIA - 30736

SECUNIA - 30543

SECUNIA - 30489

SECUNIA - 30478

SECUNIA - 30449

SECUNIA - 30442

SECUNIA - 30396

SECUNIA - 30385

SECUNIA - 30228

MLIST - [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

SUSE - SUSE-SA:2008:026

APPLE - APPLE-SA-2008-06-30

HP - SSRT080075

Related Patches

Apple 2008-06-30 Security Update 2008-004 (PPC)

Apple 2008-06-30 Security Update 2008-004 Server (PPC)

Apple 2008-06-30 Security Update 2008-004 (Intel)

Apple 2008-06-30 Mac OS X Server 10.5.4 Combo Update

Apple 2008-06-30 Mac OS X 10.5.4 Update

Apple 2008-06-30 Security Update 2008-004 Server (Intel)

Apple 2008-06-30 Mac OS X Server 10.5.4 Update

Apple 2008-06-30 Mac OS X 10.5.4 Combo Update


Last Updated: 27 May 2016 10:47:28