Two security issues were found in Samba, a SMB/CIFS file, print, and login server: CVE-2013-4408 It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code. CVE-2013-4475 Hemanth Thummala discovered that ACLs were not checked when opening files with alternate data streams. This issue is only exploitable if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are used. For the oldstable distribution (squeeze), these problems have been fixed in version 3.5.6~dfsg-3squeeze11. For the stable distribution (wheezy), these problems have been fixed in version 3.6.6-6+deb7u2. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your samba packages.
Two security issues were found in Samba, a SMB/CIFS file, print, and login server:
It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code.
Hemanth Thummala discovered that ACLs were not checked when opening files with alternate data streams. This issue is only exploitable if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are used.
For the oldstable distribution (squeeze), these problems have been fixed in version 3.5.6~dfsg-3squeeze11.
For the stable distribution (wheezy), these problems have been fixed in version 3.6.6-6+deb7u2.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your samba packages.