CVE-2008-1105

Samba 3.0.0-3.0.29 - Remote Code Execution via Crafted SMB Response

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1105. PoCs published by Guido Landi.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Samba's SMB client by sending a maliciously crafted packet with an oversized payload (131071 bytes) to trigger a heap corruption, leading to a denial-of-service (DoS) condition.

Description

Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Guido Landi · perldosmultiple

https://www.exploit-db.com/exploits/5712

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Samba's SMB client by sending a maliciously crafted packet with an oversized payload (131071 bytes) to trigger a heap corruption, leading to a denial-of-service (DoS) condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Samba (smbclient)

No auth needed

Prerequisites: Network access to the target's SMB port (445)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (52)

Core 52

Core References

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0288.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30478

Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01030.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30396

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT2163

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30489

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2639

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1020123

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30835

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1981/references

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30736

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5733

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30385

Mailing List, Third Party Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.473951

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31911

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1908

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0290.html

VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42664

Broken Link vendor-advisory x_refsource_hp

http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5712

Mailing List, Third Party Advisory vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2222/references

Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01082.html

Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2008-May/msg01006.html

Broken Link vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-249086-1

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30449

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:108

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30802

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33696

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30442

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30543

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/492683/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30228

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-617-2

Broken Link x_refsource_confirm

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_009.pdf

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-617-1

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31255

Broken Link x_refsource_confirm

http://wiki.rpath.com/Advisories:rPSA-2008-0180

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/492737/100/0/threaded

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200805-23.xml

Third Party Advisory, Vendor Advisory x_refsource_misc

http://secunia.com/secunia_research/2008-20/advisory/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00000.html

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://lists.vmware.com/pipermail/security-announce/2008/000023.html

Third Party Advisory vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10020

VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45251

Permissions Required vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/1681

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0289.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31246

Vendor Advisory x_refsource_confirm

http://www.samba.org/samba/security/CVE-2008-1105.html

Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29404

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1590

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/492903/100/0/threaded

Scores

EPSS 0.6908

EPSS Percentile 99.3%

Details

CWE

CWE-119

Status published

Products (6)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 7.04

canonical/ubuntu_linux 7.10

canonical/ubuntu_linux 8.04

debian/debian_linux 4.0

samba/samba 3.0.0 - 3.0.29

Published May 29, 2008

Tracked Since Feb 18, 2026