stef-guest at alioth.debian.org
2007-May-22 17:28 UTC
[Secure-testing-commits] r5896 - data/DTSA/advs
Author: stef-guest Date: 2007-05-22 17:28:25 +0000 (Tue, 22 May 2007) New Revision: 5896 Added: data/DTSA/advs/38-samba.adv Log: new samba adv Added: data/DTSA/advs/38-samba.adv ==================================================================--- data/DTSA/advs/38-samba.adv (rev 0) +++ data/DTSA/advs/38-samba.adv 2007-05-22 17:28:25 UTC (rev 5896) @@ -0,0 +1,33 @@ +source: samba +date: May 22th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 +vendor-advisory: +testing-fix: 3.0.24-6lenny2 +sid-fix: 3.0.25-1 +upgrade: apt-get upgrade + +Several issues have been identified in Samba, the SMB/CIFS file- and +print-server implementation for GNU/Linux. + +CVE-2007-2444 + +When translating SIDs to/from names using Samba local list of user and group +accounts, a logic error in the smbd daemon''s internal security stack may result +in a transition to the root user id rather than the non-root user. The user is +then able to temporarily issue SMB/CIFS protocol operations as the root user. +This window of opportunity may allow the attacker to establish addition means +of gaining root access to the server. + +CVE-2007-2446 + +Various bugs in Samba''s NDR parsing can allow a user to send specially crafted +MS-RPC requests that will overwrite the heap space with user defined data. + +CVE-2007-2447 + +Unescaped user input parameters are passed as arguments to /bin/sh allowing for +remote command execution.