fkie_cve-2008-4314
Vulnerability from fkie_nvd
Published
2008-12-01 15:30
Modified
2025-04-09 00:30
Severity ?
Summary
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
secalert@redhat.comhttp://marc.info/?l=bugtraq&m=125003356619515&w=2
secalert@redhat.comhttp://osvdb.org/50230
secalert@redhat.comhttp://secunia.com/advisories/32813Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/32919Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/32951
secalert@redhat.comhttp://secunia.com/advisories/32968
secalert@redhat.comhttp://secunia.com/advisories/36281
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684
secalert@redhat.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
secalert@redhat.comhttp://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
secalert@redhat.comhttp://us1.samba.org/samba/security/CVE-2008-4314.html
secalert@redhat.comhttp://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
secalert@redhat.comhttp://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
secalert@redhat.comhttp://www.securityfocus.com/bid/32494
secalert@redhat.comhttp://www.securitytracker.com/id?1021287
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-680-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2008/3277
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/0067
secalert@redhat.comhttp://www.vupen.com/english/advisories/2009/2245
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=125003356619515&w=2
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50230
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32813Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32919Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32951
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32968
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36281
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.453684
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1
af854a3a-2127-422b-91ae-364da2661108http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch
af854a3a-2127-422b-91ae-364da2661108http://us1.samba.org/samba/security/CVE-2008-4314.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32494
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021287
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-680-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3277
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/0067
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2245
Impacted products
Vendor Product Version
samba samba 3.0.29
samba samba 3.0.30
samba samba 3.0.31
samba samba 3.0.32
samba samba 3.0.33
samba samba 3.2.0
samba samba 3.2.1
samba samba 3.2.2
samba samba 3.2.3
samba samba 3.2.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBEA8397-6E23-49FE-9555-39C9599C6362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "023C2353-750A-42FC-AC7E-115627E74AAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "F28A8721-CA4A-44E1-B740-0B4610374CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93572BB-7F00-4137-A079-6FE96CD73F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0B13E8-EF18-4A3D-B228-C7FF128D1FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44746973-3CFD-4808-9545-755E296EFF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E4627C-5D19-4599-B304-D0E4D4193170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE162A7-969D-44D5-B9ED-764F20F19C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "28DF45AE-DF03-4321-A019-D3BBC16433B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D87AD2-89F2-455F-916E-D404E6BD02C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a \"cut\u0026paste error\" that causes an improper bounds check to be performed."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en smbd en versiones de Samba desde la 3.0.29 hasta la 3.2.4 podr\u00eda permitir a atacantes remotos leer zonas arbitrarias de memoria y causar una denegaci\u00f3n de servicio a trav\u00e9s de peticiones modificadas de (1)trans, (2) trans2, y (3) nttrans. Esta vulnerabilidad est\u00e1 relacionada con un error  \"cortado y pegado\" que causa un control de l\u00edmites inadecuado."
    }
  ],
  "id": "CVE-2008-4314",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 7.8,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-01T15:30:00.360",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=125003356619515\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/50230"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32813"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32919"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32951"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/32968"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/36281"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.453684"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://us1.samba.org/samba/security/CVE-2008-4314.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/32494"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1021287"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-680-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/3277"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/0067"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/2245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=125003356619515\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/50230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2008\u0026m=slackware-security.453684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-249087-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://us1.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://us1.samba.org/samba/security/CVE-2008-4314.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2008-December/msg00141.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-680-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2245"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2008-12-01T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.