[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DTSA-41-1] New samba packages fix several vulnerabilities

Hash: SHA1

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-41-1                  May 31th, 2007
secure-testing-team at lists.alioth.debian.org                 Stefan Fritsch
- --------------------------------------------------------------------------

Package        : samba
Vulnerability  : several vulnerabilities
Problem-Scope  : remote
Debian-specific: No
CVE ID         : CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 

Several issues have been identified in Samba, the SMB/CIFS file- and
print-server implementation for GNU/Linux.


When translating SIDs to/from names using Samba local list of user and group
accounts, a logic error in the smbd daemon's internal security stack may result
in a transition to the root user id rather than the non-root user. The user is
then able to temporarily issue SMB/CIFS protocol operations as the root user.
This window of opportunity may allow the attacker to establish addition means
of gaining root access to the server.


Various bugs in Samba's NDR parsing can allow a user to send specially crafted
MS-RPC requests that will overwrite the heap space with user defined data.


Unescaped user input parameters are passed as arguments to /bin/sh allowing for
remote command execution.

For the testing distribution (lenny) this is fixed in version

Packages for the alpha, arm, mipsel, and powerpc architectures are still missing
and will be released when they become available.

For the unstable distribution (sid) this is fixed in version

This upgrade is strongly recommended if you use samba.

The Debian testing security team does not track security issues for the
stable (etch) and oldstable (sarge) distributions. If stable is vulnerable,
the Debian security team will make an announcement once a fix is ready.

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get upgrade

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: