Intrusion Prevention

Samba.Receive.Smb.Raw.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in Samba.
This vulnerability is due to the "receive_smb_raw()" [lib/util_sock.c] function's failure to properly check the bounds of user-supplied data when processing SMB packets. A remote attacker may be able to exploit this by sending overly large SMB packets.

Affected Products

Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 12.1
Slackware Linux 12.0
Slackware Linux 11.0
Slackware Linux -current
Samba Samba 3.0.29
Samba Samba 3.0.28 a
rPath rPath Linux 2
rPath rPath Linux 1
rPath Appliance Platform Linux Service 1
RedHat Fedora 9 0
RedHat Fedora 8 0
RedHat Fedora 7 0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4.5.z
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4.5.z
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0

Impact

System Compromise
Denial of Service

Recommended Actions

Apply the latest update from the vendor:
http://www.samba.org/samba/ftp/stable/samba-3.0.30.tar.gz.

CVE References

CVE-2008-1105