Debian Security Advisory DSA 1291-3 (samba) Network Vulnerability

Summary

The remote host is missing an update to samba announced via advisory DSA 1291-3.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201291-3

Insight

The security update for CVE-2007-2444 introduced a regression in the handling of the force group share parameter if the forced group is a local Unix group for domain member servers. This update fixes this regression. For the stable distribution (etch), this regression has been fixed in version 3.0.24-6etch2. The old stable distribution (sarge) is not affected by this problem. For the testing and unstable distributions (lenny and sid, respectively), this regression will be fixed soon. We recommend that you upgrade your samba package.

Severity

Classification

CVE CVE-2007-2444, CVE-2007-2446, CVE-2007-2447
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 097-1 (exim)
Debian Security Advisory DSA 047-1 (various kernel packages)
Debian Security Advisory DSA 1021-1 (netpbm-free)
Debian Security Advisory DSA 1031-1 (cacti)
Debian Security Advisory DSA 071-1 (fetchmail)

Take action and discover your vulnerabilities