8.5 - SUN-249087

Executive Summary

Summary
Title	Sun Alert 249087 Security Vulnerability in samba(7) Specially Crafted Packet May Expose Arbitrary Buffer of Data

Informations
Name	SUN-249087	First vendor Publication	2009-01-08
Vendor	Sun	Last vendor Modification	2009-02-02
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:N/A:P)
Cvss Base Score	8.5	Attack Range	Network
Cvss Impact Score	7.8	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 9 Operating System Solaris 10 Operating System SAMBA

An information disclosure security vulnerability in Samba (SAMBA(7)) may allow a remote unprivileged user to read arbitrary memory buffer contents and cause a Denial of Service (DoS) via crafted requests.

Additional information on this issue can be found in the following document:

CVE-2008-4314 http://www.security-database.com/detail.php?cve=CVE-2008-4314

State: Resolved

First released: 08-Jan-2009

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-249087-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_249087_security_vulnerability

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-200	Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17888

Oval ID:	oval:org.mitre.oval:def:17888
Title:	USN-680-1 -- samba vulnerability
Description:	It was discovered that Samba did not properly perform bounds checking in certain operations.
Family:	unix	Class:	patch
Reference(s):	USN-680-1 CVE-2008-4314	Version:	5
Platform(s):	Ubuntu 8.10	Product(s):	samba
Definition Synopsis:
Ubuntu 8.10 is installed AND samba DPKG is earlier than 2:3.2.3-1ubuntu3.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	Samba cpe:2.3:a:samba:samba:3.2.4:::::::* cpe:2.3:a:samba:samba:3.2.3:::::::* cpe:2.3:a:samba:samba:3.2.2:::::::* cpe:2.3:a:samba:samba:3.2.1:::::::* cpe:2.3:a:samba:samba:3.2.0:::::::* cpe:2.3:a:samba:samba:3.0.33:::::::* cpe:2.3:a:samba:samba:3.0.32:::::::* cpe:2.3:a:samba:samba:3.0.31:::::::* cpe:2.3:a:samba:samba:3.0.30:::::::* cpe:2.3:a:samba:samba:3.0.29:::::::*	10

OpenVAS Exploits

Date	Description
2010-02-15	Name : Solaris Update for Samba 114684-15 File : nvt/gb_solaris_114684_15.nasl
2010-02-15	Name : Solaris Update for Samba 114685-15 File : nvt/gb_solaris_114685_15.nasl
2009-11-04	Name : Samba Arbitrary Memory Contents Information Disclosure Vulnerability File : nvt/samba_32494.nasl
2009-10-13	Name : SLES10: Security update for Samba File : nvt/sles10_cifs-mount.nasl
2009-10-13	Name : Solaris Update for Samba 119758-16 File : nvt/gb_solaris_119758_16.nasl
2009-10-13	Name : Solaris Update for Samba 119757-16 File : nvt/gb_solaris_119757_16.nasl
2009-10-13	Name : Solaris Update for Samba 114684-14 File : nvt/gb_solaris_114684_14.nasl
2009-10-13	Name : Solaris Update for Samba 114685-14 File : nvt/gb_solaris_114685_14.nasl
2009-10-06	Name : Fedora Core 10 FEDORA-2009-10172 (samba) File : nvt/fcore_2009_10172.nasl
2009-09-23	Name : Solaris Update for Samba 119758-15 File : nvt/gb_solaris_119758_15.nasl
2009-09-23	Name : Solaris Update for Samba 119757-15 File : nvt/gb_solaris_119757_15.nasl
2009-06-05	Name : Ubuntu USN-707-1 (cupsys) File : nvt/ubuntu_707_1.nasl
2009-06-03	Name : Solaris Update for Samba 119757-14 File : nvt/gb_solaris_119757_14.nasl
2009-06-03	Name : Solaris Update for Samba 119758-14 File : nvt/gb_solaris_119758_14.nasl
2009-06-03	Name : Solaris Update for Samba 114685-13 File : nvt/gb_solaris_114685_13.nasl
2009-06-03	Name : Solaris Update for Samba 114684-13 File : nvt/gb_solaris_114684_13.nasl
2009-03-23	Name : Ubuntu Update for samba vulnerability USN-680-1 File : nvt/gb_ubuntu_USN_680_1.nasl
2009-03-13	Name : Gentoo Security Advisory GLSA 200903-07 (samba) File : nvt/glsa_200903_07.nasl
2009-02-16	Name : Fedora Update for samba FEDORA-2008-10638 File : nvt/gb_fedora_2008_10638_samba_fc8.nasl
2009-02-16	Name : Fedora Update for samba FEDORA-2008-10612 File : nvt/gb_fedora_2008_10612_samba_fc10.nasl
2009-02-16	Name : Fedora Update for samba FEDORA-2008-10518 File : nvt/gb_fedora_2008_10518_samba_fc9.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl
2009-01-20	Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl
2009-01-13	Name : Fedora Core 9 FEDORA-2009-0268 (samba) File : nvt/fcore_2009_0268.nasl
2009-01-07	Name : Fedora Core 10 FEDORA-2009-0160 (samba) File : nvt/fcore_2009_0160.nasl
2008-12-03	Name : FreeBSD Ports: samba, samba3, ja-samba File : nvt/freebsd_samba14.nasl
0000-00-00	Name : Slackware Advisory SSA:2008-333-01 samba File : nvt/esoft_slk_ssa_2008_333_01.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
50230	Samba smbd trans Request Arbitrary Remote Memory Disclosure

Nessus® Vulnerability Scanner

Date	Description
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_cifs-mount-081121.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_cifs-mount-090108.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_cifs-mount-090108.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2008-10612.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-680-1.nasl - Type : ACT_GATHER_INFO
2009-03-08	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200903-07.nasl - Type : ACT_GATHER_INFO
2008-12-03	Name : The remote Fedora host is missing a security update. File : fedora_2008-10518.nasl - Type : ACT_GATHER_INFO
2008-12-03	Name : The remote Fedora host is missing a security update. File : fedora_2008-10638.nasl - Type : ACT_GATHER_INFO
2008-12-03	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-5819.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-333-01.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1583640dbe2011dda5780030843d3802.nasl - Type : ACT_GATHER_INFO
2008-12-01	Name : The remote Samba server may be affected by an information disclosure vulnerab... File : samba_3_2_5.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	1
Oval ID(s)	1
CPE ID(s)	10
osvdb(s)	1
Openvas Exploit(s)	28
Nessus® Exploit(s)	12

	Related
8.5	CVE-2008-4314
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

8.5 - SUN-249087

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU