*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: samba

CVE-2008-1105 description:

"Heap-based buffer overflow in the receive_smb_raw function in
util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to
execute arbitrary code via a crafted SMB response."

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1105
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1105

"Boundary failure when parsing SMB responses can result in a buffer
overrun

Specifically crafted SMB responses can result in a heap overflow in the
Samba client code. Because the server process, smbd, can itself act as a
client during operations such as printer notification and domain
authentication, this issue affects both Samba client and server
installations."

http://www.samba.org/samba/security/CVE-2008-1105.html

Patch:
http://www.samba.org/samba/ftp/patches/security/samba-3.0.29-CVE-2008-1105.patch

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1105

-- 
[CVE-2008-1105] Samba: boundary failure when parsing SMB responses
https://bugs.launchpad.net/bugs/235912
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
