Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

DSA-1291-1 samba -- several vulnerabilities

Related Vulnerabilities: CVE-2007-2444   CVE-2007-2446   CVE-2007-2447  

Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux. CVE-2007-2444 When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish addition means of gaining root access to the server. CVE-2007-2446 Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data. CVE-2007-2447 Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution. For the stable distribution (etch), these problems have been fixed in version 3.0.24-6etch1. For the testing and unstable distributions (lenny and sid, respectively), these problems have been fixed in version 3.0.25-1. We recommend that you upgrade your samba package.

Source

Debian Security Advisory

DSA-1291-1 samba -- several vulnerabilities

Date Reported:
15 May 2007
Affected Packages:
samba
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447.
More information:

Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux.

  • CVE-2007-2444

    When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish addition means of gaining root access to the server.

  • CVE-2007-2446

    Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data.

  • CVE-2007-2447

    Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.

For the stable distribution (etch), these problems have been fixed in version 3.0.24-6etch4.

For the testing and unstable distributions (lenny and sid, respectively), these problems have been fixed in version 3.0.25-1.

We recommend that you upgrade your samba package.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4.dsc
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch4_all.deb
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch4_all.deb
Alpha:
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_alpha.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_amd64.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_arm.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_arm.deb
HPPA:
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_hppa.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_i386.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_ia64.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_mips.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_mipsel.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_powerpc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_s390.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch4_sparc.deb
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started