Gerald (Jerry) Carter
2008-May-28 15:09 UTC
[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Subject: Boundary failure when parsing SMB responses == can result in a buffer overrun === CVE ID#: CVE-2008-1105 === Versions: Samba 3.0.0 - 3.0.29 (inclusive) === Summary: Specifically crafted SMB responses can result == in a heap overflow in the Samba client code. == Because the server process, smbd, can itself == act as a client during operations such as == printer notification and domain authentication, == this issue affects both Samba client and server == installations. ========================================================== ==========Description ========== Secunia Research reported a vulnerability that allows for the execution of arbitrary code in smbd. This defect is is a result of an incorrect buffer size when parsing SMB replies in the routine receive_smb_raw(). =================Patch Availability ================= A patch addressing this defect has been posted to http://www.samba.org/samba/security/ Additionally, Samba 3.0.30 has been issued as a security release to correct the defect. Samba administrators are advised to upgrade to 3.0.30 or apply the patch as soon as possible. ======Credits ====== This vulnerability was reported to Samba developers by Alin Rad Pop, Secunia Research. The time line is as follows: * May 15, 2008: Initial report to security@samba.org. * May 15, 2008: First response from Samba developers confirming the bug along with a proposed patch. * May 28, 2008: Public security advisory made available. =========================================================== Our Code, Our Bugs, Our Responsibility. == The Samba Team ========================================================= -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIPXKmIR7qMdg1EfYRAmzEAJ918MzPwlcqMvCXaukEW+Jh1TQn0QCfV9nB EqdCurWVHDPTtsNW5b6b+e8=JEaz -----END PGP SIGNATURE-----