Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Mandriva Update for samba MDKSA-2007:104-1 (samba)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
Check for the Version of samba
Insight
Insight
A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server (CVE-2007-2446). A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh (CVE-2007-2447). Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user (CVE-2007-2444). Update: The fix for CVE-2007-2444 broke the behaviour of force group when the forced group is a local Unix group for domain member servers. This update corrects that regression.
Affected Software
Affected Software
samba on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64
Solution
Solution
Please Install the Updated Packages.