[prev in list] [next in list] [prev in thread] [next in thread] 

List:       samba
Subject:    Re: [SAMBA] CVE-2008-1105 - Boundary failure when parsing SMB
From:       "Gerald (Jerry) Carter" <jerry () samba ! org>
Date:       2008-05-29 14:11:50
Message-ID: 483EB9A6.5030207 () samba ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Alexander,

> Hello Jerry, list,
>  
> Could someone please provide a bit more information 
> regarding this vulnerability, in terms of what
> configurations are affected?

It is in the client SMB response parsing for a specific
SMB op.  There are many places where the client code is used.
For example, print change notification where smbd has to
reconnect back to the Windows NT or later client and open
a socket.  Also of course the domain member server
connections (contacting a DC) as well as simple smbspool
and smbclient uses.

This is a pretty important patch for all server configurations
I believe.

Hope this helps.




cheers, jerry
- --
=====================================================================
Samba                                    ------- http://www.samba.org
Likewise Software          ---------  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIPrmlIR7qMdg1EfYRAkOhAKCYFFvUMx5Ieojgj4E14B+owOsDLgCeJZO4
APPGCs6TbE4ljVBTL5Y6K1Q=
=z1do
-----END PGP SIGNATURE-----
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
[prev in list] [next in list] [prev in thread] [next in thread]