CVE-2008-1105 - Is samba server 3.0.26a vulnerable?

hagai yaffe hagaiy at
Mon Jun 16 07:41:52 GMT 2008

I have SAMBA server 3.0.26a deployed and I would like to know if it is
vulnerable to the problem described in CVE-2008-1105; if it is, I would like
to know how it can be attacked.
I have read in ( the
“Because the server process, smbd, can itself act as a client during
operations such as printer notification and domain authentication, this
issue affects both Samba client and server installations.”
However, I have read in
"Successful exploitation allows execution of arbitrary code by tricking a
user into connecting to a malicious server (e.g. by clicking an "smb://"
link) or by sending specially crafted packets to an "nmbd" server configured
as a local or domain master browser." 
Our SAMBA is configured such that it cannot be a local / domain master
server (from samba.conf file): 
        preferred master = False
        local master = No
        domain master = False
Does this mean that we are not vulnerable? If we are, could you describe an
attack scenario?
Any help on this would be great.

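
An added example, not part of the original post or of Samba's own code: a Python check that reads the [global] section of a Samba configuration and reports whether the three settings quoted above leave nmbd eligible to become a local or domain master browser. The parameter defaults are assumed from the smb.conf manual page, and the check covers only the nmbd condition in the second quoted passage, not the client-side path described in the first.

```python
import re

# Boolean spellings accepted by Samba; the master parameters also take "auto".
TRUE = {"yes", "true", "on", "1"}
FALSE = {"no", "false", "off", "0"}
# Defaults assumed from the smb.conf manual page (not stated in the post).
DEFAULTS = {"preferredmaster": "auto", "localmaster": "yes", "domainmaster": "auto"}

def global_params(text):
    """Return the [global] parameters, names lowercased with spaces removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def master_browser_roles(text):
    """Classify each setting as enabled, disabled, auto or invalid."""
    params = global_params(text)
    roles = {}
    for name, default in DEFAULTS.items():
        value = params.get(name, default).lower()
        if value in FALSE:
            roles[name] = "disabled"
        elif value in TRUE:
            roles[name] = "enabled"
        else:
            roles[name] = "auto" if value == "auto" else "invalid"
    return roles

def can_become_master(text):
    """True unless both master roles are explicitly disabled (conservative)."""
    roles = master_browser_roles(text)
    return roles["localmaster"] != "disabled" or roles["domainmaster"] != "disabled"

# Constructed inputs: the three lines quoted in the post, and an empty [global].
POSTED = "[global]\n   preferred master = False\n   local master = No\n   domain master = False\n"
UNSET = "[global]\n   workgroup = EXAMPLE\n"

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("unset", UNSET)):
        print(label, master_browser_roles(conf), can_become_master(conf))
```

A value of "auto" or an unrecognised value is treated as possibly enabled, so the result errs toward reporting exposure.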