CVE-2008-1105 - Is samba server 3.0.26a vulnerable? - Samba



Thread: CVE-2008-1105 - Is samba server 3.0.26a vulnerable?

  1. CVE-2008-1105 - Is samba server 3.0.26a vulnerable?


    Hello,

    I have SAMBA server 3.0.26a deployed and I would like to know if they are
    vulnerable to the problem described in CVE-2008-1105; if it is, I would like
    to know how it can be attacked.

    I have read in (http://www.samba.org/samba/security/CVE-2008-1105.html) the
    following:

    “Because the server process, smbd, can itself act as a client during
    operations such as printer notification and domain authentication, this
    issue affects both Samba client and server installations. ”

    However, I have read in
    (http://secunia.com/secunia_research/2008-20/advisory/):

    "Successful exploitation allows execution of arbitrary code by tricking a
    user into connecting to a malicious server (e.g. by clicking an "smb://"
    link) or by sending specially crafted packets to an "nmbd" server configured
    as a local or domain master browser."

    Our SAMBA is configured such that it cannot be a local / domain master
    server (from samba.conf file):

    preferred master = False
    local master = No
    domain master = False

    Does this mean that we are not vulnerable? If we are, could you describe an
    attack scenario?
    Any help on this would be great.

    Thanks,
    Hagai.



  2. Re: CVE-2008-1105 - Is samba server 3.0.26a vulnerable?


    hagai yaffe wrote:
    > Hello,
    >
    > I have SAMBA server 3.0.26a deployed and I would like to know if they are
    > vulnerable to the problem described in CVE-2008-1105; if it is, I would like
    > to know how it can be attacked.
    >
    > I have read in (http://www.samba.org/samba/security/CVE-2008-1105.html) the
    > following:
    >
    > “Because the server process, smbd, can itself act as a client during
    > operations such as printer notification and domain authentication, this
    > issue affects both Samba client and server installations. ”
    >
    > However, I have read in
    > (http://secunia.com/secunia_research/2008-20/advisory/):
    >
    > "Successful exploitation allows execution of arbitrary code by tricking a
    > user into connecting to a malicious server (e.g. by clicking an "smb://"
    > link) or by sending specially crafted packets to an "nmbd" server configured
    > as a local or domain master browser."
    >
    > Our SAMBA is configured such that it cannot be a local / domain master
    > server (from samba.conf file):
    >
    > preferred master = False
    > local master = No
    > domain master = False
    >
    > Does this mean that we are not vulnerable?


    No. Does not imply that.

    > If we are, could you describe an attack scenario?


    One example is when smbd opens up a back channel to the client
    for asynch printer change notification.





    cheers, jerry
    --
    =====================================================================
    Samba ------- http://www.samba.org
    Likewise Software --------- http://www.likewisesoftware.com
    "What man is a man who does not make the world better?" --Balian

