Executive Summary

Summary
Title Sun Alert 249086 Security Vulnerability in samba(7) Specially Crafted Packet May Allow Execution of Arbitrary Code With Root Privileges
Informations
Name SUN-249086 First vendor Publication 2009-01-12
Vendor Sun Last vendor Modification 2009-01-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 9 Operating System Solaris 10 Operating System

A heap-based buffer overflow in the Samba client (SMBCLIENT(1)) may allow a remote unprivileged user to execute arbitrary code using a crafted SMB response. Since the Samba daemon (smbd(1M)) can also act as the client during operations such as printer notification and domain authentication, this issue affects both the Samba client and server.

Additional information on this issue can be found in the following document:


State: Resolved
First released: 12-Jan-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_249086_security_vulnerability

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10020
 
Oval ID: oval:org.mitre.oval:def:10020
Title: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Description: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1105
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17391
 
Oval ID: oval:org.mitre.oval:def:17391
Title: USN-617-1 -- samba vulnerabilities
Description: Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests.
Family: unix Class: patch
Reference(s): USN-617-1
CVE-2007-4572
CVE-2008-1105
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17424
 
Oval ID: oval:org.mitre.oval:def:17424
Title: USN-617-2 -- samba regression
Description: USN-617-1 fixed vulnerabilities in Samba.
Family: unix Class: patch
Reference(s): USN-617-2
CVE-2007-4572
CVE-2008-1105
Version: 7
Platform(s): Ubuntu 6.06
Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18720
 
Oval ID: oval:org.mitre.oval:def:18720
Title: DSA-1590-1 samba - arbitrary code execution
Description: Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution (<a href="http://security-tracker.debian.org/tracker/CVE-2008-1105">CVE-2008-1105</a>).
Family: unix Class: patch
Reference(s): DSA-1590-1
CVE-2008-1105
Version: 7
Platform(s): Debian GNU/Linux 4.0
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21727
 
Oval ID: oval:org.mitre.oval:def:21727
Title: ELSA-2008:0290: samba security and bug fix update (Critical)
Description: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Family: unix Class: patch
Reference(s): ELSA-2008:0290-01
CVE-2008-1105
Version: 6
Platform(s): Oracle Linux 5
Product(s): samba
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5733
 
Oval ID: oval:org.mitre.oval:def:5733
Title: HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code
Description: Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.
Family: unix Class: vulnerability
Reference(s): CVE-2008-1105
Version: 9
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8331
 
Oval ID: oval:org.mitre.oval:def:8331
Title: DSA-1590 samba -- buffer overflow
Description: Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution (CVE-2008-1105).
Family: unix Class: patch
Reference(s): DSA-1590
CVE-2008-1105
Version: 3
Platform(s): Debian GNU/Linux 4.0
Product(s): samba
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13 Name : SLES10: Security update for Samba
File : nvt/sles10_cifs-mount0.nasl
2009-10-10 Name : SLES9: Security update for Samba
File : nvt/sles9p5027560.nasl
2009-05-05 Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02341
File : nvt/gb_hp_ux_HPSBUX02341.nasl
2009-03-23 Name : Ubuntu Update for samba regression USN-617-2
File : nvt/gb_ubuntu_USN_617_2.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-617-1
File : nvt/gb_ubuntu_USN_617_1.nasl
2009-03-06 Name : RedHat Update for samba RHSA-2008:0288-01
File : nvt/gb_RHSA-2008_0288-01_samba.nasl
2009-03-06 Name : RedHat Update for samba RHSA-2008:0290-01
File : nvt/gb_RHSA-2008_0290-01_samba.nasl
2009-02-27 Name : CentOS Update for samba CESA-2008:0288-01 centos2 i386
File : nvt/gb_CESA-2008_0288-01_samba_centos2_i386.nasl
2009-02-27 Name : CentOS Update for samba CESA-2008:0288 centos3 i386
File : nvt/gb_CESA-2008_0288_samba_centos3_i386.nasl
2009-02-27 Name : CentOS Update for samba CESA-2008:0288 centos3 x86_64
File : nvt/gb_CESA-2008_0288_samba_centos3_x86_64.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-4797
File : nvt/gb_fedora_2008_4797_samba_fc7.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-7243
File : nvt/gb_fedora_2008_7243_samba_fc9.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-4724
File : nvt/gb_fedora_2008_4724_samba_fc9.nasl
2009-02-17 Name : Fedora Update for samba FEDORA-2008-4679
File : nvt/gb_fedora_2008_4679_samba_fc8.nasl
2009-02-16 Name : Fedora Update for samba FEDORA-2008-10638
File : nvt/gb_fedora_2008_10638_samba_fc8.nasl
2009-02-16 Name : Fedora Update for samba FEDORA-2008-10518
File : nvt/gb_fedora_2008_10518_samba_fc9.nasl
2009-01-23 Name : SuSE Update for samba SUSE-SA:2008:026
File : nvt/gb_suse_2008_026.nasl
2009-01-13 Name : Fedora Core 9 FEDORA-2009-0268 (samba)
File : nvt/fcore_2009_0268.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200805-23 (samba)
File : nvt/glsa_200805_23.nasl
2008-09-06 Name : Samba 3.0.0 > 3.0.29 vulnerability
File : nvt/samba_CB-A08-0085.nasl
2008-06-11 Name : Debian Security Advisory DSA 1590-1 (samba)
File : nvt/deb_1590_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2008-149-01 samba
File : nvt/esoft_slk_ssa_2008_149_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
45657 Samba lib/util_sock.c receive_smb_raw() Function Crafted Packet Handling Over...

Snort® IPS/IDS

Date Description
2015-01-06 SMB server response heap overflow attempt
RuleID : 32631 - Revision : 2 - Type : NETBIOS
2014-01-10 SMB server response heap overflow attempt
RuleID : 13901 - Revision : 16 - Type : NETBIOS

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0290.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0288.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0289.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080528_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080528_samba_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0290.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12165.nasl - Type : ACT_GATHER_INFO
2009-07-27 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2008-0011.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-108.nasl - Type : ACT_GATHER_INFO
2008-09-19 Name : The remote multi-function device allows execution of arbitrary code.
File : xerox_xrx08_009.nasl - Type : ACT_GATHER_INFO
2008-07-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-617-2.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO
2008-06-18 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-617-1.nasl - Type : ACT_GATHER_INFO
2008-06-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-5292.nasl - Type : ACT_GATHER_INFO
2008-06-05 Name : The remote openSUSE host is missing a security update.
File : suse_cifs-mount-5294.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200805-23.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4797.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4724.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Fedora host is missing a security update.
File : fedora_2008-4679.nasl - Type : ACT_GATHER_INFO
2008-06-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1590.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0288.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Samba server may be affected by a buffer overflow vulnerability.
File : samba_3_0_30.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0290.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2008-149-01.nasl - Type : ACT_GATHER_INFO
2008-05-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0288.nasl - Type : ACT_GATHER_INFO