diff options
author | Stefan Fritsch <sf@sfritsch.de> | 2007-05-22 17:28:25 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@sfritsch.de> | 2007-05-22 17:28:25 +0000 |
commit | 288c283d8274022082f0732f5b5dc8a8ed03584d (patch) | |
tree | a80896c5ca3f4a0bb0cf185468e913e12a651bca /data/DTSA/advs | |
parent | f18c8645f176ec309bf15f3176c01884911d7f6f (diff) |
new samba adv
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5896 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- | data/DTSA/advs/38-samba.adv | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/data/DTSA/advs/38-samba.adv b/data/DTSA/advs/38-samba.adv new file mode 100644 index 0000000000..adec1ba7d5 --- /dev/null +++ b/data/DTSA/advs/38-samba.adv @@ -0,0 +1,33 @@ +source: samba +date: May 22th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 +vendor-advisory: +testing-fix: 3.0.24-6lenny2 +sid-fix: 3.0.25-1 +upgrade: apt-get upgrade + +Several issues have been identified in Samba, the SMB/CIFS file- and +print-server implementation for GNU/Linux. + +CVE-2007-2444 + +When translating SIDs to/from names using Samba local list of user and group +accounts, a logic error in the smbd daemon's internal security stack may result +in a transition to the root user id rather than the non-root user. The user is +then able to temporarily issue SMB/CIFS protocol operations as the root user. +This window of opportunity may allow the attacker to establish addition means +of gaining root access to the server. + +CVE-2007-2446 + +Various bugs in Samba's NDR parsing can allow a user to send specially crafted +MS-RPC requests that will overwrite the heap space with user defined data. + +CVE-2007-2447 + +Unescaped user input parameters are passed as arguments to /bin/sh allowing for +remote command execution. |