I have a CentOS server that is running Samba and I want to verify the vulnerability addressed by CVE-2008-1105.
What scenarios can I build in order to run the exploit that is mentioned in http://secunia.com/advisories/cve_reference/CVE-2008-1105/?
http://secunia.com/secunia_research/2008-20/advisory/ says that "Successful exploitation allows execution of arbitrary code by tricking a user into connecting to a malicious server (e.g. by clicking an "smb://" link) or by sending specially crafted packets to an "nmbd" server configured as a local or domain master browser."
More info:
The fastest way to check if a package contains a fix for a CVE vulnerability is to look at the changelog of the RPM:
Browsing through the changelog with less shows the fix in context:
So the fix happened on May 17 2008.
As far as building scenarios to test/exploit it then you probably need to get on some security research forums.
This was from samba 3.0.33-3.14 on a RedHat 5U4 system.
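The changelog check described in the answer above, as an added example that is not part of the original post: the function reads `rpm -q --changelog` output on stdin and prints the header of each changelog entry that names the CVE. The sample changelog is constructed (it is not output from a real package), and the function names are assumptions.

```shell
#!/bin/sh
# Added example: locate the RPM changelog entry that mentions a CVE id.
# Live use:  rpm -q --changelog samba | cve_fix_entries CVE-2008-1105

# Reads `rpm -q --changelog` text on stdin and prints the header line
# ("* <date> <packager> - <version>") of every entry whose body names the CVE.
# Exit status is 0 if at least one entry matched, 1 otherwise.
cve_fix_entries() {
    cve="$1"
    awk -v cve="$cve" '
        /^\* /                     { header = $0; printed = 0; next }  # new entry starts
        index($0, cve) && !printed { print header; printed = 1; found = 1 }
        END                        { exit found ? 0 : 1 }
    '
}

# Constructed sample in RPM changelog layout; names and versions are made up.
sample_changelog() {
    cat <<'EOF'
* Tue Jun 03 2008 Example Packager <packager@example.com> - 0:3.0.0-3.el0
- rebuild for updated dependencies

* Sat May 17 2008 Example Packager <packager@example.com> - 0:3.0.0-2.el0
- Security fix for CVE-2008-1105
- resolves: rhbz#000000

* Mon Jan 07 2008 Example Packager <packager@example.com> - 0:3.0.0-1.el0
- initial build
EOF
}

# Wrapper for an installed package (requires rpm on the host).
check_installed() {
    rpm -q --changelog "$1" | cve_fix_entries "$2"
}

# Offline demonstration on the constructed sample.
sample_changelog | cve_fix_entries CVE-2008-1105
```

The exit status makes the function usable in a patch-audit loop over several packages or CVE ids, where a non-zero status flags a package whose changelog does not mention the fix.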
Without turning yourself into a security researcher and writing your own exploit, there are free tools like metasploit http://blog.metasploit.com/2010/02/exploiting-samba-symlink-traversal.html that have put a browser interface round a lot of exploits making them easy to use. You can turn these against your own systems in a lab environment. I think metasploit even lets you write exploit 'plugins'.