CVE-2008-1105 - Is samba server 3.0.26a vulnerable?

Gerald (Jerry) Carter jerry at
Mon Jun 16 16:04:14 GMT 2008

Hash: SHA1

hagai yaffe wrote:
> Hello, 
> I have SAMBA server 3.0.26a deployed and I would like to know if they are
> vulnerable to the problem described in CVE-2008-1105, if it is I would like
> to know how it can be attacked.  
> I have read in ( the
> following: 
> “Because the server process, smbd, can itself act as a client during
> operations such as printer notification and domain authentication, this
> issue affects both Samba client and server installations. ” 
> How ever I have read in
> ( 
> "Successful exploitation allows execution of arbitrary code by tricking a
> user into connecting to a malicious server (e.g. by clicking an "smb://"
> link) or by sending specially crafted packets to an "nmbd" server configured
> as a local or domain master browser." 
> Our SAMBA is configured such that it cannot be a local / domain master
> server (from samba.conf file): 
>        preferred master = False 
>         local master = No 
>         domain master = False 
> Does this mean that we are not vulnerable?

No.  Does not imply that.

> If we are could you describe an attack scenario?

One example is when smbd opens up a back channel to the client
for asynch printer change notification.

cheers, jerry
- --
Samba                                    -------
Likewise Software          ---------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list