Impact
Remote code execution
Solution
Please install the updated packages.
Insight
The Samba server was affected by several security problems which have been fixed.
The following security problems were fixed:
CVE-2007-2446: Specially crafted MS-RPC packets could overwrite heap memory and therefore could potentially be exploited to execute code.
CVE-2007-2447: Authenticated users could leverage specially crafted MS-RPC packets to pass arguments unfiltered to /bin/sh.
CVE-2007-2444: A bug in the local SID/Name translation routines may potentially result in a user being able to issue SMB protocol operations as root.
Updates were released over the last few days as follows:
- SUSE Linux Enterprise 10, SUSE Linux 10.0, 10.1 and openSUSE 10.2 updates were released last Tuesday (May 15th)
- SUSE Linux Enterprise Server 8 and SUSE Linux Desktop 1.0 packages were released last Wednesday (May 16th)
- SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 packages were released yesterday (May 21st)
Affected
samba on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLED 10, SUSE SLES 10
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C