CVE-2007-2446
Various bugs in Samba's NDR parsing can allow a user to send specially
crafted MS-RPC requests that will overwrite the heap space with user
defined data.
CVE-2007-2447
Unescaped user input parameters are passed as arguments to /bin/sh
allowing for remote command execution
For the old stable distribution (sarge), these problems have been fixed
in version 3.0.14a-3sarge6
We recommend that you upgrade your samba package.
Upgrade instructions
- --------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.1 (oldstable)
- ----------------------Oldstable updates are available for alpha, amd64, ar...
Get the latest Linux and open source security news straight to your inbox.