Solution
Please install the updated packages.
Insight
A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server (CVE-2007-2446).
A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh (CVE-2007-2447).
Finally, on Samba 3.0.23d and higher, when Samba translated SIDs to and from names using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user (CVE-2007-2444).
Update:
The fix for CVE-2007-2444 broke the behaviour of force group when the forced group is a local Unix group for domain member servers.
This update corrects that regression.
Affected
samba on Mandriva Linux 2007.0,
Mandriva Linux 2007.0/X86_64,
Mandriva Linux 2007.1,
Mandriva Linux 2007.1/X86_64
Severity
Classification
CVE: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447
CVSS Base Score: 10.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities