Date: Mon, 14 May 2007 17:15:50 -0500
Synopsis: Critical: samba security update
Issue date: 2007-05-14
CVE Names: CVE-2007-2446 CVE-2007-2447

Various bugs were found in NDR parsing, used to decode MS-RPC requests in
Samba. A remote attacker could have sent carefully crafted requests
causing a heap overflow, which may have led to the ability to execute
arbitrary code on the server. (CVE-2007-2446)

Unescaped user input parameters were being passed as arguments to /bin/sh.
A remote, authenticated user could have triggered this flaw and executed
arbitrary code on the server. Additionally, on Scientific Linux 5 this
flaw could be triggered by a remote unauthenticated user if
Samba was configured to use the non-default "username map script" option.
(CVE-2007-2447)
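
To find out whether a host uses the non-default "username map script" option named above, the following check can be run against its smb.conf. It is an added example, not part of the original advisory or of Samba; the function names and the default path /etc/samba/smb.conf are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether smb.conf sets
# "username map script". Does not follow "include" files or join lines
# continued with a trailing backslash.

# Print the effective value and return 0 if the option is set to a
# non-empty value; return 1 otherwise. $1 = path to smb.conf.
username_map_script_value() {
    awk '
        /^[ \t]*[#;]/ { next }            # comment lines
        /^[ \t]*\[/   { next }            # section headers
        {
            eq = index($0, "=")
            if (eq == 0) next
            # smb.conf parameter names ignore case and whitespace
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)
            if (name != "usernamemapscript") next
            val = substr($0, eq + 1)
            sub(/^[ \t]+/, "", val)
            sub(/[ \t\r]+$/, "", val)
            last = val                     # a later setting overrides
            seen = 1
        }
        END {
            if (seen && last != "") { print last; exit 0 }
            exit 1
        }
    ' "$1"
}

# Human-readable report; returns 0 when the option is set.
audit_smb_conf() {
    if val=$(username_map_script_value "$1"); then
        echo "$1: username map script = $val"
        echo "  CVE-2007-2447 is reachable without authentication on SL 5 until samba is updated"
        return 0
    fi
    echo "$1: username map script is not set"
    return 1
}

conf=/etc/samba/smb.conf   # assumed default location
if [ -r "$conf" ]; then
    audit_smb_conf "$conf" || true
fi
```
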
SL 3.0.x
SRPMS:
samba-3.0.9-1.3E.13.2.src.rpm
i386:
samba-3.0.9-1.3E.13.2.i386.rpm
samba-client-3.0.9-1.3E.13.2.i386.rpm
samba-common-3.0.9-1.3E.13.2.i386.rpm
samba-swat-3.0.9-1.3E.13.2.i386.rpm
x86_64:
samba-3.0.9-1.3E.13.2.i386.rpm
samba-3.0.9-1.3E.13.2.x86_64.rpm
samba-client-3.0.9-1.3E.13.2.x86_64.rpm
samba-common-3.0.9-1.3E.13.2.i386.rpm
samba-common-3.0.9-1.3E.13.2.x86_64.rpm
samba-swat-3.0.9-1.3E.13.2.x86_64.rpm
SL 4.x
SRPMS:
samba-3.0.10-1.4E.12.2.src.rpm
i386:
samba-3.0.10-1.4E.12.2.i386.rpm
samba-client-3.0.10-1.4E.12.2.i386.rpm
samba-common-3.0.10-1.4E.12.2.i386.rpm
samba-swat-3.0.10-1.4E.12.2.i386.rpm
x86_64:
samba-3.0.10-1.4E.12.2.x86_64.rpm
samba-client-3.0.10-1.4E.12.2.x86_64.rpm
samba-common-3.0.10-1.4E.12.2.i386.rpm
samba-common-3.0.10-1.4E.12.2.x86_64.rpm
samba-swat-3.0.10-1.4E.12.2.x86_64.rpm
SL 5.x
SRPMS:
samba-3.0.23c-2.el5.2.0.2.src.rpm
i386:
samba-3.0.23c-2.el5.2.0.2.i386.rpm
samba-client-3.0.23c-2.el5.2.0.2.i386.rpm
samba-common-3.0.23c-2.el5.2.0.2.i386.rpm
samba-swat-3.0.23c-2.el5.2.0.2.i386.rpm
-Connie Sieh
-Troy Dawson