PublicDate: 2008-05-29 16:32:00 UTC
Candidate: CVE-2008-1105
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1105
 https://ubuntu.com/security/notices/USN-617-1
 https://ubuntu.com/security/notices/USN-617-2
Description:
 Heap-based buffer overflow in the receive_smb_raw function in util/sock.c
 in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary
 code via a crafted SMB response.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/235912
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483410
Priority: medium
Discovered-by: Alin Rad Pop
Assigned-to: jdstrand
CVSS:

Patches_samba:
 vendor: http://www.debian.org/security/2008/dsa-1590
 vendor: https://rhn.redhat.com/errata/RHSA-2008-0289.html
 vendor: https://rhn.redhat.com/errata/RHSA-2008-0290.html
upstream_samba: released (3.0.30)
dapper_samba: released (3.0.22-1ubuntu3.7)
feisty_samba: released (3.0.24-2ubuntu1.6)
gutsy_samba: released (3.0.26a-1ubuntu2.4)
hardy_samba: released (3.0.28a-1ubuntu4.2)
devel_samba: released (1:3.0.30-1)