*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: samba

CVE-2008-1105 description:

"Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response."

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1105

"Boundary failure when parsing SMB responses can result in a buffer overrun

Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations."

http://www.samba.org/samba/security/CVE-2008-1105.html

Patch: http://www.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch

** Affects: samba (Ubuntu)
   Importance: Undecided
   Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1105

--
[CVE-2008-1105] Samba: boundary failure when parsing SMB responses
https://bugs.launchpad.net/bugs/235912
