Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: New Samba release fixes three important vulnerabilities - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Samba release fixes three important vulnerabilities

The Samba project has just released version 3.0.25 of their SMB/CIFS server software. As this is widely used to serve printer and filesystem access from Unix servers to networks with Windows clients, we suggest reviewing whether you may need to upgrade.

CVE-2007-2446 is a remote code execution vulnerability through multiple heap overflows. It applies to versions 3.0.0 through 3.0.25rc3.

CVE-2007-2444 can allow a user to temporary escalate his privileges to root. It applies to versions 3.0.23d through 3.0.25pre2.

CVE-2007-2447 allows for remote code execution through unescaped input parameters to /bin/sh. A workaround consists of removing all external script invocations from the SMB configuration file. It applies to versions 3.0.0 through 3.0.25rc3.

Maarten

158 Posts

Sign Up for Free or Log In to start participating in the conversation!