[SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB responses

Gerald (Jerry) Carter jerry at samba.org
Thu May 29 14:11:50 GMT 2008


Alexander,

> Hello Jerry, list,
>  
> Could someone please provide a bit more information 
> regarding this vulnerability, in terms of what
> configurations are affected?

It is in the client SMB response parsing for a specific
SMB op.  There are many places where the client code is used.
For example, print change notification where smbd has to
reconnect back to the Windows NT or later client and open
a socket.  Also of course the domain member server
connections (contacting a DC) as well as simple smbspool
and smbclient uses.

This is a pretty important patch for all server configurations
I believe.

Hope this helps.




cheers, jerry
--
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian

