blob: e48f2eda590ebb7ca9c69f48b2c90e62133ab50b (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
source: samba
date: May 31th, 2007
author: Stefan Fritsch
vuln-type: several vulnerabilities
problem-scope: remote
debian-specifc: no
cve: CVE-2007-2444 CVE-2007-2446 CVE-2007-2447
vendor-advisory:
testing-fix: 3.0.24-6+lenny3
sid-fix: 3.0.25-1
upgrade: apt-get upgrade
Several issues have been identified in Samba, the SMB/CIFS file- and
print-server implementation for GNU/Linux.
CVE-2007-2444
When translating SIDs to/from names using Samba local list of user and group
accounts, a logic error in the smbd daemon's internal security stack may result
in a transition to the root user id rather than the non-root user. The user is
then able to temporarily issue SMB/CIFS protocol operations as the root user.
This window of opportunity may allow the attacker to establish addition means
of gaining root access to the server.
CVE-2007-2446
Various bugs in Samba's NDR parsing can allow a user to send specially crafted
MS-RPC requests that will overwrite the heap space with user defined data.
CVE-2007-2447
Unescaped user input parameters are passed as arguments to /bin/sh allowing for
remote command execution.
|