
Slackware 11.0 Security Advisory: Critical Samba Remote Exec Issue

May 15, 2007
New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, and -current to fix security issues

Summary

Here are the details from the Slackware 11.0 ChangeLog:

patches/packages/samba-3.0.25-i486-1_slack11.0.tgz: Upgraded to samba-3.0.25.
  Security Fixes included in the Samba 3.0.25 release are:
  o CVE-2007-2444
    Versions: Samba 3.0.23d - 3.0.25pre2
    Local SID/Name translation bug can result in user privilege elevation
  o CVE-2007-2446
    Versions: Samba 3.0.0 - 3.0.24
    Multiple heap overflows allow remote code execution
  o CVE-2007-2447
    Versions: Samba 3.0.0 - 3.0.24
    Unescaped user input parameters are passed as arguments to /bin/sh
    allowing for remote command execution
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2007-2444
    https://www.cve.org/CVERecord?id=CVE-2007-2446
    https://www.cve.org/CVERecord?id=CVE-2007-2447
  (* Security fix *)

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 10.0:
Updated package for Slackware 10.1:
Updated package for Slackware 10.2:
Updated package for Slackware 11.0:
Updated package for Slackware -current:

MD5 Signatures

Slackware 10.0 package: 388421f6cb6392b1a8610ca4d65e1f2e samba-3.0.25-i486-1_slack10.0.tgz
Slackware 10.1 package: 8dbe857b25dcd2fd8ded5afbeb110800 samba-3.0.25-i486-1_slack10.1.tgz
Slackware 10.2 package: 9d768f8d50aeb2790344a441505a2a2c samba-3.0.25-i486-1_slack10.2.tgz
Slackware 11.0 package: 65775e4d63ebb041344e0f74e33b2285 samba-3.0.25-i486-1_slack11.0.tgz
Slackware -current package: a98430e0830c78168562bb49304dfb91 samba-3.0.25-i486-1.tgz

Severity
critical


Installation Instructions

Upgrade the packages as root:
# upgradepkg samba-3.0.25-i486-1_slack11.0.tgz

Restart samba:
# /etc/rc.d/rc.samba restart
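
A pre-install check for the procedure above, as an added example that is not part of the original advisory: it compares a downloaded package's MD5 with the sums listed under "MD5 Signatures" and only then tells you to run upgradepkg. The function names and exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example. MD5 sums are copied from the "MD5 Signatures" section above.
# MD5 only catches a corrupted or mismatched download; it is not a signature.

advisory_md5() {
    # Print the advisory's MD5 for a package file name; fail if it is not listed.
    case "$(basename "$1")" in
        samba-3.0.25-i486-1_slack10.0.tgz) echo 388421f6cb6392b1a8610ca4d65e1f2e ;;
        samba-3.0.25-i486-1_slack10.1.tgz) echo 8dbe857b25dcd2fd8ded5afbeb110800 ;;
        samba-3.0.25-i486-1_slack10.2.tgz) echo 9d768f8d50aeb2790344a441505a2a2c ;;
        samba-3.0.25-i486-1_slack11.0.tgz) echo 65775e4d63ebb041344e0f74e33b2285 ;;
        samba-3.0.25-i486-1.tgz)           echo a98430e0830c78168562bb49304dfb91 ;;
        *) return 1 ;;
    esac
}

verify_md5() {
    # $1 = file, $2 = expected MD5 in hex.
    # Returns 0 on an exact match, 1 on mismatch, 2 if the file is unreadable.
    [ -r "$1" ] || return 2
    actual=$(md5sum "$1" | cut -d' ' -f1) || return 2
    [ "$actual" = "$2" ]
}

check_pkg() {
    # Gate for upgradepkg: returns 3 when the file name is not in the advisory,
    # otherwise the status of verify_md5.
    expected=$(advisory_md5 "$1") || return 3
    verify_md5 "$1" "$expected"
}

# Usage: sh check-samba.sh samba-3.0.25-i486-1_slack11.0.tgz
if [ "$#" -eq 1 ]; then
    if check_pkg "$1"; then
        echo "OK: $1 matches the advisory; as root run: upgradepkg $1"
    else
        echo "REFUSE: $1 failed verification (status $?)" >&2
        exit 1
    fi
fi
```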
