Samba 'trans', 'trans2', and 'nttrans' Requests Let Remote Users Obtain Memory Contents
|
|
SecurityTracker Alert ID: 1021287 |
|
SecurityTracker URL: http://securitytracker.com/id/1021287
|
|
CVE Reference:
CVE-2008-4314
(Links to External Site)
|
Date: Nov 27 2008
|
Impact:
Disclosure of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.0.29 - 3.2.4
|
Description:
A vulnerability was reported in Samba. A remote user can obtain arbitrary memory contents.
A remote user can send specially crafted 'trans', 'trans2', and 'nttrans' requests to the target system to obtain arbitrary memory contents.
This vulnerability was detected during an internal code review.
|
Impact:
A remote user can obtain the contents of portions of system memory on the target system.
|
Solution:
The vendor has issued a fix (3.2.5, 3.0.33).
A patch for 3.0.32 is also available at:
http://www.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
A patch for 3.2.4 is available at:
http://www.samba.org/samba/ftp/patches/security/samba-3.2.4-CVE-2008-4314.patch
The vendor's advisory is available at:
http://us1.samba.org/samba/security/CVE-2008-4314.html
|
Vendor URL: us1.samba.org/samba/security/CVE-2008-4314.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 27 Nov 2008 09:15:52 -0500
Subject: Samba
|
http://us1.samba.org/samba/security/CVE-2008-4314.html
CVE-2008-4314
|
|
