Oval Definition:oval:com.redhat.rhsa:def:20080288
Revision Date:2008-05-28Version:637
Title:RHSA-2008:0288: samba security update (Critical)
Description:Samba is a suite of programs used by machines to share files, printers, and other information.

  • A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. It was also possible for a remote user to send a specially crafted print request to a Samba server that could result in the server executing the vulnerable client code, resulting in arbitrary code execution with the permissions of the Samba server. (CVE-2008-1105)

    Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.

    Users of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2008-1105
    RHSA-2008:0288
    RHSA-2008:0288-01
    RHSA-2008:0288-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • samba-swat is earlier than 0:3.0.9-1.3E.15
  • AND samba-swat is signed with Red Hat master key
  • samba-client is earlier than 0:3.0.9-1.3E.15
  • AND samba-client is signed with Red Hat master key
  • samba-common is earlier than 0:3.0.9-1.3E.15
  • AND samba-common is signed with Red Hat master key
  • samba is earlier than 0:3.0.9-1.3E.15
  • AND samba is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • samba-swat is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-swat is signed with Red Hat master key
  • samba-client is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-client is signed with Red Hat master key
  • samba-common is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-common is signed with Red Hat master key
  • samba is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba is signed with Red Hat master key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • samba is earlier than 0:3.0.9-1.3E.15
  • AND samba is signed with Red Hat master key
  • samba-client is earlier than 0:3.0.9-1.3E.15
  • AND samba-client is signed with Red Hat master key
  • samba-common is earlier than 0:3.0.9-1.3E.15
  • AND samba-common is signed with Red Hat master key
  • samba-swat is earlier than 0:3.0.9-1.3E.15
  • AND samba-swat is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • samba is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba is signed with Red Hat master key
  • samba-client is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-client is signed with Red Hat master key
  • samba-common is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-common is signed with Red Hat master key
  • samba-swat is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-swat is signed with Red Hat master key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • samba is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba is signed with Red Hat redhatrelease2 key
  • samba-client is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-client is signed with Red Hat redhatrelease2 key
  • samba-common is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-common is signed with Red Hat redhatrelease2 key
  • samba-swat is earlier than 0:3.0.25b-1.el4_6.5
  • AND samba-swat is signed with Red Hat redhatrelease2 key
    • BACK