Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Scientific Linux: Critical Samba Update Advisories and Threats

Calendar Nov 15, 2007 User Avatar LinuxSecurity Advisories
2 - 3 min read
Scientific Large Esm H500
Topics%20covered

Topics Covered

security advisory critical issue buffer overflow remote access samba Scientific Linux
Critical: samba security update 
Date:         Thu, 15 Nov 2007 14:10:49 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA for samba on SL5.x, SL4.x, SL3,x i386/x86_64
Comments: To: This email address is being protected from spambots. You need JavaScript enabled to view it.

Synopsis:	Critical: samba security update
Issue date:	2007-11-15
CVE Names:	CVE-2007-4572 CVE-2007-4138 CVE-2007-5398

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash or execute
arbitrary code. (CVE-2007-5398)

A heap based buffer overflow flaw was found in the way Samba authenticates
users. A remote unauthenticated user could trigger this flaw to cause the
Samba server to crash. Careful analysis of this flaw has determined that
arbitrary code execution is not possible, and under most circumstances will
not result in a crash of the Samba server. (CVE-2007-4572)

A flaw was found in the way Samba assigned group IDs under certain
conditions. If the "winbind nss info" parameter in smb.conf is set to
either "sfu" or "rfc2307", Samba users are incorrectly assigned the group
ID of 0. (CVE-2007-4138)

SL 3.0.x

   SRPMS:
samba-3.0.9-1.3E.14.1.src.rpm
   i386:
samba-3.0.9-1.3E.14.1.i386.rpm
samba-client-3.0.9-1.3E.14.1.i386.rpm
samba-common-3.0.9-1.3E.14.1.i386.rpm
samba-swat-3.0.9-1.3E.14.1.i386.rpm
   x86_64:
samba-3.0.9-1.3E.14.1.i386.rpm
samba-3.0.9-1.3E.14.1.x86_64.rpm
samba-client-3.0.9-1.3E.14.1.x86_64.rpm
samba-common-3.0.9-1.3E.14.1.i386.rpm
samba-common-3.0.9-1.3E.14.1.x86_64.rpm
samba-swat-3.0.9-1.3E.14.1.x86_64.rpm

SL 4.x

   SRPMS:
samba-3.0.25b-1.el4.2.src.rpm
   i386:
samba-3.0.25b-1.el4.2.i386.rpm
samba-client-3.0.25b-1.el4.2.i386.rpm
samba-common-3.0.25b-1.el4.2.i386.rpm
samba-swat-3.0.25b-1.el4.2.i386.rpm
   x86_64:
samba-3.0.25b-1.el4.2.x86_64.rpm
samba-client-3.0.25b-1.el4.2.x86_64.rpm
samba-common-3.0.25b-1.el4.2.i386.rpm
samba-common-3.0.25b-1.el4.2.x86_64.rpm
samba-swat-3.0.25b-1.el4.2.x86_64.rpm

SL 5.x

   SRPMS:
samba-3.0.25b-1.el5.2.src.rpm
   i386:
samba-3.0.25b-1.el5.2.i386.rpm
samba-client-3.0.25b-1.el5.2.i386.rpm
samba-common-3.0.25b-1.el5.2.i386.rpm
samba-swat-3.0.25b-1.el5.2.i386.rpm
   x86_64:
samba-3.0.25b-1.el5.2.x86_64.rpm
samba-client-3.0.25b-1.el5.2.x86_64.rpm
samba-common-3.0.25b-1.el5.2.i386.rpm
samba-common-3.0.25b-1.el5.2.x86_64.rpm
samba-swat-3.0.25b-1.el5.2.x86_64.rpm

-Connie Sieh
-Troy Dawson

Related News

Your message here