HP Security Bulletin - Potential vulnerabilities have been identified with Samba provided with HP Internet Express for Tru64 UNIX (IX) v 6.6. The potential vulnerabilities could be exploited by a remote, unauthenticated user to execute arbitrary commands or by a local, unauthorized user to gain privilege elevation.
23966da5584e9e4ffa5a6283e67cdaa9ec6d2cadc2a87dcce5814921d76779b2Debian Security Advisory 1291-4 - The samba security update for CVE-2007-2446 introduced a regression, which broke connection to domain member servers in some scenarios. This update fixes this regression.
ca183405f2b1680ff8eecc3e3bd42583d58d4b5c42ab6cf1c4eff0b8c06ee585Mandriva Linux Security Advisory - A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server. A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh. Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user.
86de3c706857ded99d56047efb47ebe3e745af47ea791c8e0aae3aed6d2adbc6Ubuntu Security Notice 460-2 - USN-460-1 fixed several vulnerabilities in Samba. The upstream changes for CVE-2007-2444 had an unexpected side-effect in Feisty. Shares configured with the "force group" option no longer behaved correctly.
ca0598a357569fce6ff669d7a3d77867c42650072d28dcc5457252e477124a60Debian Security Advisory 1291-3 - The security update for CVE-2007-2444 introduced a regression in the handling of the "force group" share parameter if the forced group is a local Unix group for domain member servers. This update fixes this regression.
50bf3c3fe92af9a400e90d59ec1d9b9b6598883bf6761140638087496f609883OpenPKG Security Advisory - Multiple vulnerabilities were found in the CIFS/SMB server implementation Samba.
9c9c5ff7ea80d2352d3c98caf5ce202df67d9f7bcb059cafc04b46c14805b953Ubuntu Security Notice 460-1 - Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker could send specially crafted MS-RPC requests that could overwrite heap memory and execute arbitrary code. It was discovered that Samba did not correctly escape input parameters for external scripts defined in smb.conf. Remote authenticated users could send specially crafted MS-RPC requests and execute arbitrary shell commands.
6914e4ef57d5cba14b131afee51e340df9513c0e417dc92314448e89e764889fDebian Security Advisory 1291-1 - Several issues have been identified in Samba, the SMB/CIFS file and print server implementation for GNU/Linux. When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish addition means of gaining root access to the server. Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution
2c5900e1912afd8808c8d32a8f51cf028a1f8f9945e52bcc70856e6f69c1562fGentoo Linux Security Advisory GLSA 200705-15 - Samba contains a logical error in the smbd daemon when translating local SID to user names (CVE-2007-2444). Furthermore, Samba contains several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446). Lastly, Samba fails to properly sanitize remote procedure input provided via Microsoft Remote Procedure Calls (CVE-2007-2447). Versions less than 3.0.24-r2 are affected.
11828015d844fd7596084722c8d3906387cfbfabeefee3497ff0cdd5165a5763In Samba versions 3.0.23d through 3.0.25pre2, a bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB/CIFS protocol operations as root.
02de903ea0f07758ea335309c38eb5f014df4b420fb1e348b4cbb54cbf6097e6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed