Launchpad.net

CVE 2008-1105

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Related bugs and status

CVE-2008-1105 (Candidate) is related to these bugs:

Bug #180493: [SRU] nmbd shuts down when network disconnected

		In	Importance	Status
180493	[SRU] nmbd shuts down when network disconnected	samba (Ubuntu)	Medium	Fix Released
180493	[SRU] nmbd shuts down when network disconnected	samba	Medium	Fix Released
180493	[SRU] nmbd shuts down when network disconnected	samba (Debian)	Unknown	Fix Released
180493	[SRU] nmbd shuts down when network disconnected	samba (Ubuntu Hardy)	Undecided	Fix Released
180493	[SRU] nmbd shuts down when network disconnected	samba (Ubuntu Intrepid)	Medium	Fix Released

Bug #235912: [CVE-2008-1105] Samba: boundary failure when parsing SMB responses

		In	Importance	Status
235912	[CVE-2008-1105] Samba: boundary failure when parsing SMB responses	samba (Ubuntu)	Undecided	Fix Released
235912	[CVE-2008-1105] Samba: boundary failure when parsing SMB responses	samba (Debian)	Unknown	Fix Released
235912	[CVE-2008-1105] Samba: boundary failure when parsing SMB responses	samba (Arch Linux)	Undecided	Fix Released
235912	[CVE-2008-1105] Samba: boundary failure when parsing SMB responses	samba (Ubuntu Dapper)	High	Fix Released
235912	[CVE-2008-1105] Samba: boundary failure when parsing SMB responses	samba (Ubuntu Feisty)	High	Fix Released
235912	[CVE-2008-1105] Samba: boundary failure when parsing SMB responses	samba (Ubuntu Hardy)	High	Fix Released
235912	[CVE-2008-1105] Samba: boundary failure when parsing SMB responses	samba (Ubuntu Gutsy)	High	Fix Released

Bug #241448: Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).

		In	Importance	Status
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	totem (Ubuntu)	Undecided	Invalid
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	samba (Ubuntu)	Undecided	Fix Released
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	samba (Ubuntu Dapper)	Undecided	Fix Released
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	totem (Ubuntu Dapper)	Undecided	Invalid
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	samba (Ubuntu Feisty)	Undecided	Fix Released
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	totem (Ubuntu Feisty)	Undecided	Invalid
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	samba (Ubuntu Gutsy)	Undecided	Fix Released
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	totem (Ubuntu Gutsy)	Undecided	Invalid
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	samba (Ubuntu Hardy)	Undecided	Fix Released
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	totem (Ubuntu Hardy)	Undecided	Invalid
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	samba	High	Fix Released
241448	Playing from Samba SMB shared folder now is not possible (it could be done until last upgrade).	The Dell Mini Project	Undecided	New

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/sec...
CONFIRM: http://www.samba.org/s...
BID: 29404
SECTRACK: 1020123
SECUNIA: 30228
SECUNIA: 30385
SUSE: SUSE-SA:2008:026
SECUNIA: 30543
SECUNIA: 30489
UBUNTU: USN-617-1
SECUNIA: 30736
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2008-06-30
HP: HPSBUX02341
HP: SSRT080075
SECUNIA: 30835
SECUNIA: 30802
UBUNTU: USN-617-2
MLIST: [Security-announce] 20...
SECUNIA: 31246
CONFIRM: http://www.xerox.com/d...
BID: 31255
SECUNIA: 31911
SECUNIA: 30396
SUNALERT: 249086
SECUNIA: 33696
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1590
FEDORA: FEDORA-2008-4679
FEDORA: FEDORA-2008-4724
FEDORA: FEDORA-2008-4797
SECUNIA: 30449
SECUNIA: 30478
GENTOO: GLSA-200805-23
MANDRIVA: MDVSA-2008:108
REDHAT: RHSA-2008:0288
REDHAT: RHSA-2008:0289
REDHAT: RHSA-2008:0290
SECUNIA: 30442
VUPEN: ADV-2008-1681
VUPEN: ADV-2008-1908
VUPEN: ADV-2008-1981
VUPEN: ADV-2008-2222
VUPEN: ADV-2008-2639
SLACKWARE: SSA:2008-149-01
XF: xerox-controller-samba...
XF: samba-receivesmbraw-bo...
EXPLOIT-DB: 5712
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080528 [SAMBA] CVE-2...
BUGTRAQ: 20080602 rPSA-2008-018...
BUGTRAQ: 20080529 Secunia Resea...