CVE-2008-1105 - Is samba server 3.0.26a vulnerable?
Gerald (Jerry) Carter
jerry at samba.org
Mon Jun 16 16:04:14 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
hagai yaffe wrote:
> I have SAMBA server 3.0.26a deployed and I would like to know if they are
> vulnerable to the problem described in CVE-2008-1105, if it is I would like
> to know how it can be attacked.
> I have read in (http://www.samba.org/samba/security/CVE-2008-1105.html) the
> â€œBecause the server process, smbd, can itself act as a client during
> operations such as printer notification and domain authentication, this
> issue affects both Samba client and server installations. â€
> How ever I have read in
> "Successful exploitation allows execution of arbitrary code by tricking a
> user into connecting to a malicious server (e.g. by clicking an "smb://"
> link) or by sending specially crafted packets to an "nmbd" server configured
> as a local or domain master browser."
> Our SAMBA is configured such that it cannot be a local / domain master
> server (from samba.conf file):
> preferred master = False
> local master = No
> domain master = False
> Does this mean that we are not vulnerable?
No. Does not imply that.
> If we are could you describe an attack scenario?
One example is when smbd opens up a back channel to the client
for asynch printer change notification.
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the samba-technical