CVE-2008-1105 - Is samba server 3.0.26a vulnerable?
Gerald (Jerry) Carter
jerry at samba.org
Mon Jun 16 16:04:14 GMT 2008
hagai yaffe wrote:
> Hello,
>
> I have SAMBA server 3.0.26a deployed and I would like to know if they are
> vulnerable to the problem described in CVE-2008-1105, if it is I would like
> to know how it can be attacked.
>
> I have read in (http://www.samba.org/samba/security/CVE-2008-1105.html) the
> following:
>
> “Because the server process, smbd, can itself act as a client during
> operations such as printer notification and domain authentication, this
> issue affects both Samba client and server installations.”
>
> However I have read in
> (http://secunia.com/secunia_research/2008-20/advisory/):
>
> "Successful exploitation allows execution of arbitrary code by tricking a
> user into connecting to a malicious server (e.g. by clicking an "smb://"
> link) or by sending specially crafted packets to an "nmbd" server configured
> as a local or domain master browser."
>
> Our SAMBA is configured such that it cannot be a local / domain master
> server (from samba.conf file):
>
> preferred master = False
> local master = No
> domain master = False
>
> Does this mean that we are not vulnerable?
No. Does not imply that.
> If we are could you describe an attack scenario?
One example is when smbd opens up a back channel to the client
for asynch printer change notification.
cheers, jerry
--
=====================================================================
Samba ------- http://www.samba.org
Likewise Software --------- http://www.likewisesoftware.com
"What man is a man who does not make the world better?" --Balian