CVE-2008-4314

Published Dec 1, 2008

Last updated a month ago

Overview

Description
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.
Source
secalert@redhat.com
NVD status
Deferred

Risk scores

CVSS 2.0

Type
Primary
Base score
8.5
Impact score
7.8
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:C/I:N/A:P

Weaknesses

nvd@nist.gov
CWE-200

Social media

Hype score
Not currently trending

Vendor comments

  • Red HatNot vulnerable. This issue did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Configurations

References

Sources include official advisories and independent security research.