Rapid7 Vulnerability & Exploit Database

RHSA-2008:0290: samba security and bug fix update

Back to Search

RHSA-2008:0290: samba security and bug fix update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
05/29/2008
Created
07/25/2018
Added
07/08/2008
Modified
07/04/2017

Description

Samba is a suite of programs used by machines to share files, printers, andother information.A heap-based buffer overflow flaw was found in the way Samba clients handleover-sized packets. If a client connected to a malicious Samba server, itwas possible to execute arbitrary code as the Samba client user. It wasalso possible for a remote user to send a specially crafted print requestto a Samba server that could result in the server executing the vulnerableclient code, resulting in arbitrary code execution with the permissions ofthe Samba server. (CVE-2008-1105)Red Hat would like to thank Alin Rad Pop of Secunia Research forresponsibly disclosing this issue.This update also addresses two issues which prevented Samba from joiningcertain Windows domains with tightened security policies, and preventedcertain signed SMB content from working as expected:Users of Samba are advised to upgrade to these updated packages, whichcontain a backported patch to resolve these issues.

Solution(s)

  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-swat

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;