7.5

CVE-2008-1105

EPSS 72.95%
Veröffentlicht 29.05.2008 16:32:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle PSIRT-CNA@flexerasoftware.com
Teams Watchlist Login
Unerledigt Login

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 55

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Samba Version >= 3.0.0 <= 3.0.29

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEdition-

Debian ≫ Debian Linux Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.95%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/30802

Third Party Advisory

http://support.apple.com/kb/HT2163

Third Party Advisory

http://www.vupen.com/english/advisories/2008/1981/references

Permissions Required

http://lists.vmware.com/pipermail/security-announce/2008/000023.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/31246

Third Party Advisory

http://www.vupen.com/english/advisories/2008/2222/references

Permissions Required

http://secunia.com/advisories/30736

Third Party Advisory

http://secunia.com/advisories/30835

Third Party Advisory

http://www.ubuntu.com/usn/usn-617-1

Third Party Advisory

http://www.vupen.com/english/advisories/2008/1908

Permissions Required

http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/30228

Third Party Advisory

http://secunia.com/advisories/30385

Third Party Advisory

http://secunia.com/advisories/30396

Third Party Advisory

http://secunia.com/advisories/30442

Third Party Advisory

http://secunia.com/advisories/30449

Third Party Advisory

http://secunia.com/advisories/30478

Third Party Advisory

http://secunia.com/advisories/30489

Third Party Advisory

http://secunia.com/advisories/30543

Third Party Advisory

http://secunia.com/advisories/31911

Third Party Advisory

http://secunia.com/advisories/33696

Third Party Advisory

http://secunia.com/secunia_research/2008-20/advisory/

Third Party Advisory

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200805-23.xml

Third Party Advisory

http://securitytracker.com/id?1020123

Third Party Advisory

VDB Entry

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473951

Third Party Advisory

Mailing List

http://sunsolve.sun.com/search/document.do?assetkey=1-26-249086-1

Broken Link

http://wiki.rpath.com/Advisories:rPSA-2008-0180

Broken Link

http://www.debian.org/security/2008/dsa-1590

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:108

Broken Link

http://www.redhat.com/support/errata/RHSA-2008-0288.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0289.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0290.html

Third Party Advisory

http://www.samba.org/samba/security/CVE-2008-1105.html

Vendor Advisory

http://www.securityfocus.com/archive/1/492683/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/492737/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/492903/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/29404

Patch

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/31255

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-617-2

Third Party Advisory

http://www.vupen.com/english/advisories/2008/1681

Permissions Required

http://www.vupen.com/english/advisories/2008/2639

Permissions Required

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/42664

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/45251

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10020

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5733

Third Party Advisory

https://www.exploit-db.com/exploits/5712

Third Party Advisory

VDB Entry

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01006.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01030.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01082.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-1105

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1105

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1105

EUVD