Debian 1409 Moderate: Samba Remote Execution Risks and Updates
debian
November 22, 2007
Several local/remote vulnerabilities have been discovered in samba,
a LanManager-like file and printer server for Unix
Summary
Alin Rad Pop of Secunia Research discovered that nmbd did not properly
check the length of netbios packets. When samba is configured as a WINS
server, a remote attacker could send multiple crafted requests resulting
in the execution of arbitrary code with root privileges.
CVE-2007-4572
Samba developers discovered that nmbd could be made to overrun a buffer
during the processing of GETDC logon server requests. When samba is
configured as a Primary or Backup Domain Controller, a remote attacker
could send malicious logon requests and possibly cause a denial of
service.
For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch5.
For the old stable distribution (sarge), these problems have been fixed in
version 3.0.14a-3sarge7.
For the unstable distribution (sid), these problems have been fixed in
version 3.0.27-1.
We recommend that you upgrade your samba packages.
Upgrade instructions
- --------------------wget url
...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!