Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-1105Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
7.5HIGHNVD
EPSS
85.7%
top 0.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
SambaDebian SambaCanonical Ubuntu Linux+1 more
Timeline
PublishedMay 29
Latest updateMay 1

Description

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/samba< samba 1:3.0.30-1 (bookworm)
Debiansamba/samba< 1:3.0.30-1+3
NVDsamba/samba3.0.03.0.29

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.04, 7.10, 8.04

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-38xm-32fr-cm7j: Heap-based buffer overflow in the receive_smb_raw function in util/sock2022-05-01
OSV
CVE-2008-1105: Heap-based buffer overflow in the receive_smb_raw function in util/sock2008-05-29

💥Exploits & PoCs

1
Exploit-DB
Samba 3.0.29 (Client) - 'receive_smb_raw()' Buffer Overflow (PoC)2008-06-01

📋Vendor Advisories

4
Ubuntu
Samba regression2008-06-30
Ubuntu
Samba vulnerabilities2008-06-17
Red Hat
Samba client buffer overflow2008-05-28
Debian
CVE-2008-1105: samba - Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Sam...2008

💬Community

1
Bugzilla
CVE-2008-1105 Samba client buffer overflow2008-05-15