Nortel Response to Sun Alert 249087 - Solaris Samba smbd Information Disclosure Vulnerability
| Description: |
Sun Microsystems has recently released Sun Alert 249087 - Solaris Samba smbd Information Disclosure Vulnerability. An information disclosure security vulnerability in Samba (SAMBA(7)) may allow a remote unprivileged user to read arbitrary memory buffer contents and cause a Denial of Service (DoS) via crafted requests.

Some Nortel products contain this software as a component and thus are potentially affected by the vulnerabilities addressed. This bulletin provides a multi-product consolidated response for the Nortel products which are potentially affected.

Sun Alert is available at: http://sunsolve.sun.com/search/document.do?assetkey=1-66-249087-1

This advisory addresses the following common vulnerability identifier:

CVE-2008-4314 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4314): smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed. CVSS Severity: 8.5 (HIGH)

Before taking any action, please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories |
| Type: |
Security Advisories |
| Number: |
2009009361, Rev 1 |
| Status: |
Retired |
| Date: |
2009-09-17 |