Update Protection against Samba receive_smb_raw SMB Packets Parsing Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2008-091 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA30228 | |
| Industry Reference(s): | CVE-2008-1105 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? Samba Team Samba 3.0.29 and prior | ||
| Vulnerability Description A buffer overflow vulnerability has been reported in Samba. Samba is an open-source implementation of the network services suite SMB/CIFS (Server Message Block/Common Internet File System). An attacker may exploit this vulnerability to execute arbitrary code on a target system. |
||
|
Update/Patch Available Update to version 3.0.30 or apply patch: Samba |
|
|
Vulnerability Details The vulnerability is due to a boundary error in the "receive_smb_raw()" function when Samba parses SMB packets. A remote attacker can exploit this issue by specially crafting a malicious SMB packet and sending it to an affected system. Successful exploitation may allow execution of arbitrary code on a target system. |
Protection Overview
By enabling this protection, SmartDefense will detect and block malformed SMB packets sent to the vulnerable service.
In order for the protection to be activated, update your VPN-1/InterSpect product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.