CVE-2008-4314

Name of the Vulnerable Software and Affected Versions Samba versions 3.0.29 through 3.2.4 Samba version 3.0.33 and earlier

Description The issue allows remote attackers to read arbitrary memory and cause a denial of service via crafted requests, including (1) trans, (2) trans2, and (3) nttrans requests. This is related to a "cut&paste error" that causes an improper bounds check to be performed. Exploitation of this issue may lead to a violation of confidentiality and availability of protected information.

Recommendations For Samba versions 3.0.29 through 3.0.33, update to a version later than 3.0.33 to resolve the issue. For Samba versions prior to 3.0.29, update to a version later than 3.0.33 to resolve the issue. As a temporary workaround, consider restricting access to the smbd service until a patch is available.