Impact
remote denial of service
Solution
Please install the updated packages.
Insight
The Samba daemon was affected by a security problem in which a logic error in the deferred open code can lead to an infinite loop (CVE-2007-0452).
This problem could be used by remote authenticated attackers who have access to the Samba daemon.
Two other problems were fixed in the upstream Samba security release; they do not affect the SUSE Samba version:
- CVE-2007-0454: A format string problem in AFS ACL handling. None of our shipping Samba versions have this option compiled in.
- CVE-2007-0453: A buffer overflow in nss_winbind on Solaris. Linux is generally not affected by this problem.
Affected
samba on SUSE LINUX 10.1, openSUSE 10.2, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLED 10, SUSE SLES 10
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-0452, CVE-2007-0453, CVE-2007-0454
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P