new samba adv

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5896 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 33 insertions, 0 deletions

diff --git a/data/DTSA/advs/38-samba.adv b/data/DTSA/advs/38-samba.adv
new file mode 100644
index 0000000000..adec1ba7d5
--- /dev/null
+++ b/data/DTSA/advs/38-samba.adv
@@ -0,0 +1,33 @@
+source: samba
+date: May 22th, 2007
+author: Stefan Fritsch
+vuln-type: several vulnerabilities
+problem-scope: remote
+debian-specifc: no
+cve:  CVE-2007-2444 CVE-2007-2446 CVE-2007-2447
+vendor-advisory: 
+testing-fix: 3.0.24-6lenny2
+sid-fix: 3.0.25-1
+upgrade: apt-get upgrade
+
+Several issues have been identified in Samba, the SMB/CIFS file- and
+print-server implementation for GNU/Linux.
+
+CVE-2007-2444 
+
+When translating SIDs to/from names using Samba local list of user and group
+accounts, a logic error in the smbd daemon's internal security stack may result
+in a transition to the root user id rather than the non-root user. The user is
+then able to temporarily issue SMB/CIFS protocol operations as the root user.
+This window of opportunity may allow the attacker to establish addition means
+of gaining root access to the server.
+
+CVE-2007-2446 
+
+Various bugs in Samba's NDR parsing can allow a user to send specially crafted
+MS-RPC requests that will overwrite the heap space with user defined data.
+
+CVE-2007-2447 
+
+Unescaped user input parameters are passed as arguments to /bin/sh allowing for
+remote command execution.