Stefan Fritsch
2007-May-31 18:41 UTC
[SECURITY] [DTSA-41-1] New samba packages fix several vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Testing Security Advisory DTSA-41-1 May 31th, 2007 secure-testing-team at lists.alioth.debian.org Stefan Fritsch http://secure-testing-master.debian.net/ - -------------------------------------------------------------------------- Package : samba Vulnerability : several vulnerabilities Problem-Scope : remote Debian-specific: No CVE ID : CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux. CVE-2007-2444 When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon''s internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish addition means of gaining root access to the server. CVE-2007-2446 Various bugs in Samba''s NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. CVE-2007-2447 Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution. For the testing distribution (lenny) this is fixed in version 3.0.24-6+lenny3 Packages for the alpha, arm, mipsel, and powerpc architectures are still missing and will be released when they become available. For the unstable distribution (sid) this is fixed in version 3.0.25-1 This upgrade is strongly recommended if you use samba. The Debian testing security team does not track security issues for the stable (etch) and oldstable (sarge) distributions. If stable is vulnerable, the Debian security team will make an announcement once a fix is ready. Upgrade Instructions - -------------------- To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list: deb http://security.debian.org/ testing/updates main contrib non-free deb-src http://security.debian.org/ testing/updates main contrib non-free To install the update, run this command as root: apt-get update && apt-get upgrade For further information about the Debian testing security team, please refer to http://secure-testing-master.debian.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGXxbQbxelr8HyTqQRAglaAJ9z0+Ebh7Qo+xekh/hbQUkIrQCbiQCgmk3N mGicXxK0KB0Vvrkg9XrjXD4=M989 -----END PGP SIGNATURE-----