what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

OpenPKG Security Advisory 2007.12

OpenPKG Security Advisory 2007.12
Posted May 21, 2007
Authored by OpenPKG Foundation | Site openpkg.com

OpenPKG Security Advisory - Multiple vulnerabilities were found in the CIFS/SMB server implementation Samba.

tags | advisory, vulnerability
advisories | CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2007-2453, CVE-2007-2454
SHA-256 | 9c9c5ff7ea80d2352d3c98caf5ce202df67d9f7bcb059cafc04b46c14805b953

OpenPKG Security Advisory 2007.12

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name: OpenPKG GmbH
Publisher Home: http://openpkg.com/

Advisory Id (public): OpenPKG-SA-2007.012
Advisory Type: OpenPKG Security Advisory (SA)
Advisory Directory: http://openpkg.com/go/OpenPKG-SA
Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.012
Advisory Published: 2007-05-17 19:46 UTC

Issue Id (internal): OpenPKG-SI-20070517.01
Issue First Created: 2007-05-17
Issue Last Modified: 2007-05-17
Issue Revision: 04
____________________________________________________________________________

Subject Name: Samba
Subject Summary: CIFS/SMB Server
Subject Home: http://www.samba.org/
Subject Versions: 3..* <= 3.0.24

Vulnerability Id: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447,
CVE-2007-2453, CVE-2007-2454
Vulnerability Scope: global (not OpenPKG specific)

Attack Feasibility: run-time
Attack Vector: remote network
Attack Impact: denial of service, privilege escalation,
arbitrary code execution

Description:
Multiple vulnerabilities were found in the CIFS/SMB server
implementation Samba [0]:

1. A logic error in the SID/Name translation functionality in
smbd(8) allows local users to gain temporary privileges and execute
SMB/CIFS protocol operations via unspecified vectors that cause the
daemon to transition to the "root" user (CVE-2007-2444) [1].

2. Multiple heap-based buffer overflows in the NDR parsing in
smbd(8) allow remote attackers to execute arbitrary code via crafted
MS-RPC requests (CVE-2007-2446) [2].

3. The MS-RPC functionality in smbd(8) allows remote attackers to
execute arbitrary commands via shell metacharacters involving the
(1) "SamrChangePassword" function, when the "username map script"
"smb.conf" option is enabled, and allows remote authenticated users
to execute commands via shell metacharacters involving other MS-RPC
functions in the (2) remote printer and (3) file share management
(CVE-2007-2447) [3].

4. A buffer overflow in the "nss_winbind" library, as used in
the winbindd(8) daemon, allows attackers to execute arbitrary
code via the gethostbyname(3) and getipnodebyname(3) functions
(CVE-2007-0453) [4].

5. A format string vulnerability in the "afsacl" VFS module in
allows context-dependent attackers to execute arbitrary code via
format string specifiers in a filename on an AFS file system, which
is not properly handled during Windows ACL mapping (CVE-2007-0454)
[5].

References:
[0] http://www.samba.org/
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2453
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2454
____________________________________________________________________________

Primary Package Name: samba
Primary Package Home: http://openpkg.org/go/package/samba

Corrected Distribution: Corrected Branch: Corrected Package:
OpenPKG Enterprise E1.0-SOLID samba-3.0.23c-E1.0.1
____________________________________________________________________________

For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFGTJT1ZwQuyWG3rjQRAsjvAKCjc+e+hANJ3QBHWMm9aZq8oMzDYwCgy9Ht
fbbMBTfSWcXumeopl5JdD10=
=IbJR
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close