Lucene search

[email protected]CVE-2008-1105

HistoryMay 29, 2008 - 4:32 p.m.

CVE-2008-1105

2008-05-2916:32:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1105

samba

buffer overflow

remote code execution

nvd

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

CPENameOperatorVersion
samba:sambasambale3.0.29
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
debian:debian_linuxdebian debian linuxeq4.0

CPE	Name	Operator	Version
samba:samba	samba	le	3.0.29
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
debian:debian_linux	debian debian linux	eq	4.0

References

lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html

lists.vmware.com/pipermail/security-announce/2008/000023.html

secunia.com/advisories/30228

secunia.com/advisories/30385

secunia.com/advisories/30396

secunia.com/advisories/30442

secunia.com/advisories/30449

secunia.com/advisories/30478

secunia.com/advisories/30489

secunia.com/advisories/30543

secunia.com/advisories/30736

secunia.com/advisories/30802

secunia.com/advisories/30835

secunia.com/advisories/31246

secunia.com/advisories/31911

secunia.com/advisories/33696

secunia.com/secunia_research/2008-20/advisory/

security.gentoo.org/glsa/glsa-200805-23.xml

securitytracker.com/id?1020123

slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473951

sunsolve.sun.com/search/document.do?assetkey=1-26-249086-1

support.apple.com/kb/HT2163

wiki.rpath.com/Advisories:rPSA-2008-0180

www.debian.org/security/2008/dsa-1590

www.mandriva.com/security/advisories?name=MDVSA-2008:108

www.redhat.com/support/errata/RHSA-2008-0288.html

www.redhat.com/support/errata/RHSA-2008-0289.html

www.redhat.com/support/errata/RHSA-2008-0290.html

www.samba.org/samba/security/CVE-2008-1105.html

www.securityfocus.com/archive/1/492683/100/0/threaded

www.securityfocus.com/archive/1/492737/100/0/threaded

www.securityfocus.com/archive/1/492903/100/0/threaded

www.securityfocus.com/bid/29404

www.securityfocus.com/bid/31255

www.ubuntu.com/usn/usn-617-1

www.ubuntu.com/usn/usn-617-2

www.vupen.com/english/advisories/2008/1681

www.vupen.com/english/advisories/2008/1908

www.vupen.com/english/advisories/2008/1981/references

www.vupen.com/english/advisories/2008/2222/references

www.vupen.com/english/advisories/2008/2639

www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf

www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

exchange.xforce.ibmcloud.com/vulnerabilities/42664

exchange.xforce.ibmcloud.com/vulnerabilities/45251

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10020

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5733

www.exploit-db.com/exploits/5712

www.redhat.com/archives/fedora-package-announce/2008-May/msg01006.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg01030.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg01082.html

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

CVE-2008-1105

References

Related