PT-2008-6948 · Samba+1

K`Sose · Published 1970-01-01 · Updated 2024-06-15 · CVE-2008-1105

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Samba versions 3.0.0 through 3.0.29
Samba versions prior to 3.0.28a-r1

Description

The issue is a heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba, which allows remote attackers to execute arbitrary code via a crafted SMB response. This can lead to a violation of the confidentiality, integrity, and availability of protected information. The issue can be exploited remotely.

Recommendations

For Samba versions 3.0.0 through 3.0.29, update to a version outside of this range to resolve the issue.
For Samba versions prior to 3.0.28a-r1, update to version 3.0.28a-r1 or later to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable receive_smb_raw function in util/sock.c until a patch is available.

Exploit

Fix

RCE

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-04199
BDU:2015-04200
BDU:2015-04201
BDU:2015-04202
BDU:2015-04203
BDU:2015-04204
BDU:2015-04205
BDU:2015-04206
BDU:2015-04207
BDU:2015-04208
BDU:2015-04209
BDU:2015-04210
BDU:2015-04211
BDU:2015-04212
BDU:2015-04213
BDU:2015-04214
BDU:2015-04215
BDU:2015-04216
BDU:2015-04217
BDU:2015-04218
BDU:2015-07554
BDU:2015-07555
BDU:2015-07576
BDU:2015-07577
BDU:2015-07581
BDU:2015-07582
BDU:2015-07589
BDU:2015-07590
BDU:2015-08377
BDU:2015-08378
BDU:2015-08379
BDU:2015-08380
BDU:2015-08381
BDU:2015-08382
BDU:2015-08383
BDU:2015-08384
BDU:2015-09629
CVE-2008-1105
DSA-1590-1
HPSBUX02341
OPENSUSE-SU-2024:10683-1
OPENSUSE-SU-2024:11365-1
RHSA-2008:0288
RHSA-2008:0289
RHSA-2008:0290
RHSA-2008_0288
RHSA-2008_0290

Affected Products

Red Hat
Samba