CVE-2008-1105

Loading...

General

Score:7.5/10.0
Severity:High
Category:Buffer Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2005-3164, CVE-2007-1355, CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-2449, CVE-2007-2450, CVE-2007-3382, CVE-2007-3383, CVE-2007-3385, CVE-2007-4572, CVE-2007-5333, CVE-2007-5398, CVE-2007-5461, CVE-2007-6015, CVE-2007-6276, CVE-2008-0960, CVE-2008-1145, CVE-2008-2307, CVE-2008-2308, CVE-2008-2309, CVE-2008-2310, CVE-2008-2311, CVE-2008-2313, CVE-2008-2314, CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 29/05/08 - Updated on 11/10/18

Description

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Category: Buffer Error

CWE-119 (Buffer Errors)
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Security Notices

US National Vulnerability DatabaseCVE-2008-1105
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2008-AVI-276, CERTA-2008-AVI-337, CERTA-2008-AVI-343, CERTA-2008-AVI-380
CentOS CESA-2008:0288, CESA-2008:0290
Oracle Linux ELSA-2017-0662, ELSA-2018-1860, ELSA-2018-3056
Redhat RHSA-2008:0288, RHSA-2008:0289, RHSA-2008:0290
Renater 2008/VULN190, 2008/VULN243, 2008/VULN260

Exploits

Exploit-DBEDB-5712
SecurityFocusBID-29404

Relative technologies

VendorProduct
sambasamba

Share this vulnerability with:

Twitter Facebook LinkedIn Mail