[Secure-testing-commits] r5896 - data/DTSA/advs
stef-guest at alioth.debian.org
stef-guest at alioth.debian.org
Tue May 22 17:28:25 UTC 2007
Author: stef-guest
Date: 2007-05-22 17:28:25 +0000 (Tue, 22 May 2007)
New Revision: 5896
Added:
data/DTSA/advs/38-samba.adv
Log:
new samba adv
Added: data/DTSA/advs/38-samba.adv
===================================================================
--- data/DTSA/advs/38-samba.adv (rev 0)
+++ data/DTSA/advs/38-samba.adv 2007-05-22 17:28:25 UTC (rev 5896)
@@ -0,0 +1,33 @@
+source: samba
+date: May 22th, 2007
+author: Stefan Fritsch
+vuln-type: several vulnerabilities
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-2444 CVE-2007-2446 CVE-2007-2447
+vendor-advisory:
+testing-fix: 3.0.24-6lenny2
+sid-fix: 3.0.25-1
+upgrade: apt-get upgrade
+
+Several issues have been identified in Samba, the SMB/CIFS file- and
+print-server implementation for GNU/Linux.
+
+CVE-2007-2444
+
+When translating SIDs to/from names using Samba local list of user and group
+accounts, a logic error in the smbd daemon's internal security stack may result
+in a transition to the root user id rather than the non-root user. The user is
+then able to temporarily issue SMB/CIFS protocol operations as the root user.
+This window of opportunity may allow the attacker to establish addition means
+of gaining root access to the server.
+
+CVE-2007-2446
+
+Various bugs in Samba's NDR parsing can allow a user to send specially crafted
+MS-RPC requests that will overwrite the heap space with user defined data.
+
+CVE-2007-2447
+
+Unescaped user input parameters are passed as arguments to /bin/sh allowing for
+remote command execution.
More information about the Secure-testing-commits
mailing list