Synopsis: Critical: samba security update
Issue date: 2007-05-14
CVE Names: CVE-2007-2446 CVE-2007-2447

Various bugs were found in NDR parsing, used to decode MS-RPC requests in Samba. A remote attacker could have sent carefully crafted requests causing a heap overflow, which may have led to the ability to execute arbitrary code on the server. (CVE-2007-2446)

Unescaped user input parameters were being passed as arguments to /bin/sh. A remote, authenticated, user could have triggered this flaw and executed arbitrary code on the server. Additionally on Scientific Linux 5 this flaw could be triggered by a remote unauthenticated user if Samba was configured to use the non-default "username map script" option. (CVE-2007-2447)

SL 3.0.x

  SRPMS:
    samba-3.0.9-1.3E.13.2.src.rpm
  i386:
    samba-3.0.9-1.3E.13.2.i386.rpm
    samba-client-3.0.9-1.3E.13.2.i386.rpm
    samba-common-3.0.9-1.3E.13.2.i386.rpm
    samba-swat-3.0.9-1.3E.13.2.i386.rpm
  x86_64:
    samba-3.0.9-1.3E.13.2.i386.rpm
    samba-3.0.9-1.3E.13.2.x86_64.rpm
    samba-client-3.0.9-1.3E.13.2.x86_64.rpm
    samba-common-3.0.9-1.3E.13.2.i386.rpm
    samba-common-3.0.9-1.3E.13.2.x86_64.rpm
    samba-swat-3.0.9-1.3E.13.2.x86_64.rpm

SL 4.x

  SRPMS:
    samba-3.0.10-1.4E.12.2.src.rpm
  i386:
    samba-3.0.10-1.4E.12.2.i386.rpm
    samba-client-3.0.10-1.4E.12.2.i386.rpm
    samba-common-3.0.10-1.4E.12.2.i386.rpm
    samba-swat-3.0.10-1.4E.12.2.i386.rpm
  x86_64:
    samba-3.0.10-1.4E.12.2.x86_64.rpm
    samba-client-3.0.10-1.4E.12.2.x86_64.rpm
    samba-common-3.0.10-1.4E.12.2.i386.rpm
    samba-common-3.0.10-1.4E.12.2.x86_64.rpm
    samba-swat-3.0.10-1.4E.12.2.x86_64.rpm

SL 5.x

  SRPMS:
    samba-3.0.23c-2.el5.2.0.2.src.rpm
  i386:
    samba-3.0.23c-2.el5.2.0.2.i386.rpm
    samba-client-3.0.23c-2.el5.2.0.2.i386.rpm
    samba-common-3.0.23c-2.el5.2.0.2.i386.rpm
    samba-swat-3.0.23c-2.el5.2.0.2.i386.rpm

-Connie Sieh
-Troy Dawson
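
The advisory ties the unauthenticated case of CVE-2007-2447 on SL 5 to the non-default "username map script" option. The following is an added example, not part of the advisory or of Samba, that reports whether an smb.conf sets that option, following smb.conf's rules for comments, line continuations, and case- and whitespace-insensitive parameter names. The sample configuration and the script paths in it are constructed.

```python
import re
import sys

# Constructed sample smb.conf for the demo (not from any real host).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   ; username map script = /usr/local/bin/old-mapper
   User Name  Map Script = /usr/local/bin/map-user \\
        --realm EXAMPLE
   username map = /etc/samba/smbusers

[share]
   path = /srv/share
"""

def _logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = num
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:  # file ended on a continuation
        yield start, buf

def find_username_map_script(text):
    """Return [(line, section, value)] for each active 'username map script'."""
    hits, section = [], None
    for num, line in _logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # smb.conf ignores case and whitespace in parameter names.
        if sep and re.sub(r"\s+", "", name).lower() == "usernamemapscript":
            if value.strip():  # empty value = unset; spaces collapsed for display
                hits.append((num, section, " ".join(value.split())))
    return hits

if __name__ == "__main__":
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for num, section, value in find_username_map_script(conf):
        print(f"line {num} [{section}]: username map script = {value}")
```

Run it with the path to the server's smb.conf as the only argument; with no argument it scans the constructed sample.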