similar to: [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation

Spam detection software, running on the system "mail.montanhydraulik.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see postmaster for details. Content preview: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Hi, I'm running Samba 2.0.4b on a Debian Linux (v2.2) PC. If I look at the "log.nmb" file there are many messages: [1999/10/25 08:39:19, 0] nmbd/nmbd_namequery.c:query_name_response(95) query_name_response: Multiple (2) responses received for a query on subnet 130.199.xxx.yyy for name WORK<1d>. This response was from IP 130.199.xxx.zzz The frequency is every 5 minutes.

Hi, I'm running Samba 2.0.4b on a Debian Linux (v2.2) PC. If I look at the "log.smb" file there are many messages: Attempt to locate null printername! Internal error? We have a number of print queues defined and they work fine. Here is a portion of the /etc/printcap: ================================================= # # Copyright (c) 1983 Regents of the University of California.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Multiple Heap Overflows Allow Remote == Code Execution == CVE ID#: CVE-2007-2446 == == Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive) == == Summary: Various bugs in Samba's NDR parsing == can allow a user to send specially ==

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Remote Command Injection Vulnerability == CVE ID#: CVE-2007-2447 == == Versions: Samba 3.0.0 - 3.0.25rc3 (inclusive) == == Summary: Unescaped user input parameters are passed == as arguments to /bin/sh allowing for remote == command execution

Hi All: I have a Debian 2.1 system running Samba 2.0.4 which works fine with Win95/98/NT4.0 but does not show the samba shares when the client is Win2k. You can mount the share OK even though it has a little red tail in the Windows Explorer, just can't browse to mount it. Do I have a problem or should I be patient and it will be fixed in the new samba release??? Thanks, Richard Hogue

Is anyone else having problems using Microsoft Access97 to access database files via Samba 2.0.3? When I attempt to open the Access database from my unix account via Samba, I get the Microsoft message: Microsoft Access was unable to open the Visual Basic porject for this database. Another user is saving the project now. Do you want to retry? retry cancel There

I installed samba-1.9.18p8 on our RS6000 running AIX: 4.2.1.0 with xlC: 3.1.4.0. There are 5 errors reported in "util.c" and 2 errors reported in "server.c", all about "Function argument assignment between types "unsigned long*" and "int*" is not allowed." I use encrypted passwords and have a smbpasswd password file in the ususal place. I can

Hey, digest 2286 incomplete, only first 3 topics contained. Can I get a new copy ? Thanks, Hans-Joerg Glock > -----Urspr?ngliche Nachricht----- > Von: samba@samba.org [SMTP:samba@samba.org] > Gesendet am: Mittwoch, 27. Oktober 1999 22:12 > An: Multiple recipients of list SAMBA > Betreff: SAMBA digest 2286 > > SAMBA Digest 2286 > > For information on

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks, As a small means of community service, I've decided to provide an unofficial patched version of 3.0.24 (tagged as 3.0.24-gc-1) to address the CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447 security advisories. The bzr branch is hosted at http://people.samba.org/bzr/jerry/samba-3-0-24-gc.bzr/ The source tarball is available from

I've been running SAMBA 1.9.14 and 1.9.17p4 for successfully for some time. Recently I thought it would be useful to update to the latest SAMBA version 1.9.18p7. This is the first time we are using Samba with the built-in DES. Here is our configuration: Machines: IBM RS/6000 AIX 4.1.4.0 or AIX 4.2.1.0 Compiler: xlC 3.1.4.0 My smb.conf file: [global] printing = aix print command

samba@samba.org "Chris" <chrisv@satl.com> "Chris" <chrisv@satl.com> thomas.heiligenmann@t-online.de (Thomas Heiligenmann) thomas.heiligenmann@t-online.de (Thomas Heiligenmann) Jeremy Allison <jeremy@valinux.com> Jeremy Allison <jeremy@valinux.com> David Collier-Brown - Sun Canada <davecb@scot.canada.sun.com> Subba Rao

I would like to plot a map of, say, California, showing the elevation areas. I am sure there must be a source where I can find the dataset for the elevation and maybe there's an implementation in R that allows me to map it. Any ideas would be highly appreciated. -- View this message in context: http://r.789695.n4.nabble.com/elevation-map-with-R-tp4641116.html Sent from the R help mailing

Package: xen-3.0 Version: 3.0.3-0-2 Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0. CVE-2007-4993[0]: | pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest | domain, allows local users with elevated privileges in the guest domain to | execute arbitrary commands in domain 0 via a crafted grub.conf

tags 446771 + patch thanks Hi, attached is a patch to fix this if you don't already have one. Kind regards Nico -- Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: CVE-2007-4993.patch Type: text/x-diff Size: 4742

Package: xen-unstable Severity: grave Tags: security Justification: user security hole Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-2004[0]: | The drive_init function in QEMU 0.9.1 determines the format of a raw | disk image based on the header, which allows local guest users to read | arbitrary files on the host by modifying the

From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from

Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix

Source: xen Version: 4.1.2-2 Severity: critical Tags: security Justification: allows PV domains to escape into the dom0 context Hi, I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination

Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8