| VID |
23214 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
Samba |
| Detailed Description |
A version of Samba server which is older than 3.0.30 is detected as running on the host. Samba is an Open Source/Free Software package that provides seamless file and print services to SMB/CIFS clients. Samba versions prior to 3.0.30 are vulnerable to a heap-based buffer overflow vulnerability, caused by improper bounds checking in 'nmbd' within the 'receive_smb_raw' function in 'lib/util_sock.c' when parsing SMB packets received in a client context. By tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially-crafted packets to an 'nmbd' server configured as a local or domain master browser, a remote attacker could execute arbitrary code on the system or cause the affected server to crash.
* Note: If this check solely relied on the version number of the remote Samba server to assess this vulnerability, then this might be a false positive.
* References:
http://www.samba.org/samba/security/CVE-2008-1105.html
http://www.securityfocus.com/archive/1/archive/1/492683/100/0/threaded
http://www.frsirt.com/english/advisories/2008/1681
http://www.milw0rm.com/exploits/5712
http://securitytracker.com/id?1020123
http://secunia.com/advisories/30228
* Platforms Affected:
Samba Project, Samba versions prior to 3.0.30
Linux Any version
Unix Any version |
| Recommendation |
Upgrade to the latest version of Samba (3.0.30 or later), available from the Samba Web site at http://us1.samba.org/samba/ |
| Related URL |
CVE-2008-1105 (CVE) |
| Related URL |
29404 (SecurityFocus) |
| Related URL |
42664 (ISS) |
|
