
[SECURITY] [DTSA-41-1] New samba packages fix several vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-41-1                  May 31st, 2007
secure-testing-team at lists.alioth.debian.org                 Stefan Fritsch
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------

Package        : samba
Vulnerability  : several vulnerabilities
Problem-Scope  : remote
Debian-specific: No
CVE ID         : CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 

Several issues have been identified in Samba, the SMB/CIFS file- and
print-server implementation for GNU/Linux.

CVE-2007-2444 

When translating SIDs to/from names using Samba's local list of user and group
accounts, a logic error in the smbd daemon's internal security stack may result
in a transition to the root user id rather than the non-root user. The user is
then able to temporarily issue SMB/CIFS protocol operations as the root user.
This window of opportunity may allow the attacker to establish additional means
of gaining root access to the server.

CVE-2007-2446 

Various bugs in Samba's NDR parsing can allow a user to send specially crafted
MS-RPC requests that will overwrite the heap space with user-defined data.

CVE-2007-2447 

Unescaped user input parameters are passed as arguments to /bin/sh allowing for
remote command execution.

For the testing distribution (lenny) this is fixed in version
3.0.24-6+lenny3

Packages for the alpha, arm, mipsel, and powerpc architectures are still missing
and will be released when they become available.

For the unstable distribution (sid) this is fixed in version
3.0.25-1

This upgrade is strongly recommended if you use samba.

The Debian testing security team does not track security issues for the
stable (etch) and oldstable (sarge) distributions. If stable is vulnerable,
the Debian security team will make an announcement once a fix is ready.

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGXxbQbxelr8HyTqQRAglaAJ9z0+Ebh7Qo+xekh/hbQUkIrQCbiQCgmk3N
mGicXxK0KB0Vvrkg9XrjXD4=
=M989
-----END PGP SIGNATURE-----
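
A check against the fixed versions listed in the advisory above, as an added example that is not part of the original advisory or of Debian's tooling: it reimplements Debian version ordering (the ordering `dpkg --compare-versions` applies) so a package inventory can be audited offline. The host names and the sample inventory are constructed, and the helper names are hypothetical.

```python
import re
from itertools import zip_longest

# Fixed samba versions as stated in DTSA-41-1, keyed by suite.
FIXED = {"lenny": "3.0.24-6+lenny3", "sid": "3.0.25-1"}

def _order(ch):
    """Sort weight of a non-digit character: '~' lowest, letters, then the rest."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _runs(part):
    """Split into (non-digit run, number) pairs; a 0 weight ends each run."""
    return [([_order(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def _cmp_part(a, b):
    for x, y in zip_longest(_runs(a), _runs(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    """Return (epoch, upstream, revision); a missing epoch or revision is 0."""
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:
        upstream, revision = rest, "0"
    return int(epoch), upstream, revision

def compare(a, b):
    """Negative, zero or positive as version a sorts before, with or after b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(installed, suite):
    """True if the installed samba version predates the advisory's fix."""
    return compare(installed, FIXED[suite]) < 0

# Constructed sample inventory: (host, suite, installed samba version).
SAMPLE = [("fs1", "lenny", "3.0.24-6"), ("fs2", "lenny", "3.0.24-6+lenny3"),
          ("dev1", "sid", "3.0.25~rc3-1"), ("dev2", "sid", "3.0.25-1")]

def vulnerable_hosts(inventory=SAMPLE):
    return [host for host, suite, ver in inventory if needs_upgrade(ver, suite)]
```

On a live Debian host the installed version can be read with `dpkg-query -W -f='${Version}' samba` and passed to `needs_upgrade`.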


