From 288c283d8274022082f0732f5b5dc8a8ed03584d Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Tue, 22 May 2007 17:28:25 +0000 Subject: new samba adv git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5896 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/advs/38-samba.adv | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 data/DTSA/advs/38-samba.adv (limited to 'data/DTSA/advs') diff --git a/data/DTSA/advs/38-samba.adv b/data/DTSA/advs/38-samba.adv new file mode 100644 index 0000000000..adec1ba7d5 --- /dev/null +++ b/data/DTSA/advs/38-samba.adv @@ -0,0 +1,33 @@ +source: samba +date: May 22th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 +vendor-advisory: +testing-fix: 3.0.24-6lenny2 +sid-fix: 3.0.25-1 +upgrade: apt-get upgrade + +Several issues have been identified in Samba, the SMB/CIFS file- and +print-server implementation for GNU/Linux. + +CVE-2007-2444 + +When translating SIDs to/from names using Samba local list of user and group +accounts, a logic error in the smbd daemon's internal security stack may result +in a transition to the root user id rather than the non-root user. The user is +then able to temporarily issue SMB/CIFS protocol operations as the root user. +This window of opportunity may allow the attacker to establish addition means +of gaining root access to the server. + +CVE-2007-2446 + +Various bugs in Samba's NDR parsing can allow a user to send specially crafted +MS-RPC requests that will overwrite the heap space with user defined data. + +CVE-2007-2447 + +Unescaped user input parameters are passed as arguments to /bin/sh allowing for +remote command execution. -- cgit v1.2.3