Executive Summary

Summary
Title samba security update
Informations
Name RHSA-2008:0289 First vendor Publication 2008-05-28
Vendor RedHat Last vendor Modification 2008-05-28
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated samba packages that fix a security issue are now available for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4.5.z - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux ES version 4.5.z - i386, ia64, x86_64

3. Description:

Samba is a suite of programs used by machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was also possible for a remote user to send a specially crafted print request to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server. (CVE-2008-1105)

Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.

Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

446724 - CVE-2008-1105 Samba client buffer overflow

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2008-0289.html

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10020
 
Oval ID: oval:org.mitre.oval:def:10020
Title: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Description: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1105
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17391
 
Oval ID: oval:org.mitre.oval:def:17391
Title: USN-617-1 -- samba vulnerabilities
Description: Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests.
Family: unix Class: patch
Reference(s): USN-617-1
CVE-2007-4572
CVE-2008-1105
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17424
 
Oval ID: oval:org.mitre.oval:def:17424
Title: USN-617-2 -- samba regression
Description: USN-617-1 fixed vulnerabilities in Samba.
Family: unix Class: patch
Reference(s): USN-617-2
CVE-2007-4572
CVE-2008-1105
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18720
 
Oval ID: oval:org.mitre.oval:def:18720
Title: DSA-1590-1 samba - arbitrary code execution
Description: Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution (<a href="http://security-tracker.debian.org/tracker/CVE-2008-1105">CVE-2008-1105</a>).
Family: unix Class: patch
Reference(s): DSA-1590-1
CVE-2008-1105
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21727
 
Oval ID: oval:org.mitre.oval:def:21727
Title: ELSA-2008:0290: samba security and bug fix update (Critical)
Description: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Family: unix Class: patch
Reference(s): ELSA-2008:0290-01
CVE-2008-1105
Version: 6
Platform(s): Oracle Linux 5
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5733
 
Oval ID: oval:org.mitre.oval:def:5733
Title: HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code
Description: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1105
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8331
 
Oval ID: oval:org.mitre.oval:def:8331
Title: DSA-1590 samba -- buffer overflow
Description: Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution (CVE-2008-1105).
Family: unix Class: patch
Reference(s): DSA-1590
CVE-2008-1105
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): samba
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 128
Os 4
Os 1

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for Samba
File : nvt/sles10_cifs-mount0.nasl
2009-10-10 Name : SLES9: Security update for Samba
File : nvt/sles9p5027560.nasl
2009-05-05 Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02341
File : nvt/gb_hp_ux_HPSBUX02341.nasl
2009-03-23 Name : Ubuntu Update for samba regression USN-617-2
File : nvt/gb_ubuntu_USN_617_2.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-617-1
File : nvt/gb_ubuntu_USN_617_1.nasl
2009-03-06 Name : RedHat Update for samba RHSA-2008:0288-01
File : nvt/gb_RHSA-2008_0288-01_samba.nasl
2009-03-06 Name : RedHat Update for samba RHSA-2008:0290-01
File : nvt/gb_RHSA-2008_0290-01_samba.nasl
2009-02-27 Name : CentOS Update for samba CESA-2008:0288-01 centos2 i386
File : nvt/gb_CESA-2008_0288-01_samba_centos2_i386.nasl
2009-02-27 Name : CentOS Update for samba CESA-2008:0288 centos3 i386
File : nvt/gb_CESA-2008_0288_samba_centos3_i386.nasl
2009-02-27 Name : CentOS Update for samba CESA-2008:0288 centos3 x86_64
File : nvt/gb_CESA-2008_0288_samba_centos3_x86_64.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-4797
File : nvt/gb_fedora_2008_4797_samba_fc7.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-7243
File : nvt/gb_fedora_2008_7243_samba_fc9.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-4724
File : nvt/gb_fedora_2008_4724_samba_fc9.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-4679
File : nvt/gb_fedora_2008_4679_samba_fc8.nasl
2009-02-16 Name : Fedora Update for samba FEDORA-2008-10638
File : nvt/gb_fedora_2008_10638_samba_fc8.nasl
2009-02-16 Name : Fedora Update for samba FEDORA-2008-10518
File : nvt/gb_fedora_2008_10518_samba_fc9.nasl
2009-01-23 Name : SuSE Update for samba SUSE-SA:2008:026
File : nvt/gb_suse_2008_026.nasl
2009-01-13 Name : Fedora Core 9 FEDORA-2009-0268 (samba)
File : nvt/fcore_2009_0268.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200805-23 (samba)
File : nvt/glsa_200805_23.nasl
2008-09-06 Name : Samba 3.0.0 > 3.0.29 vulnerability
File : nvt/samba_CB-A08-0085.nasl
2008-06-11 Name : Debian Security Advisory DSA 1590-1 (samba)
File : nvt/deb_1590_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-149-01 samba
File : nvt/esoft_slk_ssa_2008_149_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45657 Samba lib/util_sock.c receive_smb_raw() Function Crafted Packet Handling Over...

Snort® IPS/IDS

Date Description
2015-01-06 SMB server response heap overflow attempt
RuleID : 32631 - Revision : 2 - Type : NETBIOS
2014-01-10 SMB server response heap overflow attempt
RuleID : 13901 - Revision : 16 - Type : NETBIOS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0290.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0288.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0289.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080528_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080528_samba_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0290.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12165.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2008-0011.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-108.nasl - Type : ACT_GATHER_INFO
2008-09-19 Name : The remote multi-function device allows execution of arbitrary code.
File : xerox_xrx08_009.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-617-2.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO
2008-06-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-617-1.nasl - Type : ACT_GATHER_INFO
2008-06-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-5292.nasl - Type : ACT_GATHER_INFO
2008-06-05 Name : The remote openSUSE host is missing a security update.
File : suse_cifs-mount-5294.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200805-23.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4797.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4724.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4679.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1590.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0288.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Samba server may be affected by a buffer overflow vulnerability.
File : samba_3_0_30.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0290.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-149-01.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0288.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:51:38
  • Multiple Updates