Gerald (Jerry) Carter
2007-May-14 14:55 UTC
[SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution
Spam detection software, running on the system "mail.montanhydraulik.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see postmaster for details.

Content preview:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================
==
== Subject:     Multiple Heap Overflows Allow Remote
==              Code Execution
== CVE ID#:     CVE-2007-2446
==
== Versions:    Samba 3.0.0 - 3.0.25rc3 (inclusive)
==
== Summary:     Various bugs in Samba's NDR parsing
==              can allow a user to send specially
==              crafted MS-RPC requests that will
==              overwrite the heap space with user
==              defined data.
==
==========================================================
[...]

Content analysis details: (5.4 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.1 FORGED_RCVD_HELO       Received: contains a forged HELO
 1.2 DATE_IN_PAST_12_24     Date: is 12 to 24 hours before Received: date
 2.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [68.117.186.136 listed in dnsbl.sorbs.net]
 1.9 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [68.117.186.136 listed in combined.njabl.org]

-------------- next part --------------
An embedded message was scrubbed...
From: "Gerald (Jerry) Carter" <jerry@samba.org>
Subject: [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution
Date: Sun, 13 May 2007 17:52:52 -0500
Size: 5760
Url: lists.samba.org/archive/samba-announce/attachments/20070513/517b268c/attachment.eml