Ubuntu Linux Security Update: Samba regression ( CVE-2008-1105 )
A security issue affects the following Ubuntu releases:
=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10
=> Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller,
a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)
Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. (CVE-2008-1105)
How do I fix this issue?
Login as root and type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade
You may also be interested in other helpful articles:
- Join a Windows Domain From Linux / UNIX Computer Using Samba
- How do I join a Windows 2003 Active Directory domain from Linux system?
- Debian Linux Security Update: Cacti packages fix regression
- Samba Project Receives Microsoft Protocol Details
- Tip of the day: Automount your Linux samba host into a Windows environment
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Tags: arbitrary code, attacker, backup domain controller, CVE-2007-4572, CVE-2008-1105, denial of service, domain controller, edubuntu, kubuntu, linux security, Security, security issue, Ubuntu Linux, xubuntu
Recent Comments
Yesterday ~ 24 Comments
Yesterday ~ 24 Comments
Yesterday ~ 3 Comments
Yesterday ~ 2 Comments
09/05/2008 06:08 pm (2 days ago) ~ 16 Comments