Dec 09, 2013

Debian Security Advisory DSA 2812-1 (samba - several vulnerabilities)

Two security issues were found in Samba, an SMB/CIFS file, print, and
login server:

It was discovered that multiple buffer overflows in the processing
of DCE-RPC packets may lead to the execution of arbitrary code.

Hemanth Thummala discovered that ACLs were not checked when opening
files with alternate data streams. This issue is only exploitable
if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are
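
The second issue only matters on shares that actually load the streams modules named above, and a share picks up the `vfs objects` list from [global] unless it sets its own. The following check is an added example, not part of the advisory or of Samba: it parses an smb.conf and reports those shares; the sample configuration and every name in it are constructed.

```python
# Added example (not from the advisory or Samba): audit an smb.conf for the
# VFS modules named in DSA 2812-1 and report which shares actually load them.
import re

# Names as written in a `vfs objects` list; "vfs_" is only the library prefix.
STREAM_MODULES = {"streams_depot", "streams_xattr"}

# Constructed sample. A share inherits [global]'s `vfs objects` unless it sets
# the parameter itself, so [public] loads streams_xattr without naming it.
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   vfs objects = acl_xattr streams_xattr
; inherits the global module list
[public]
   path = /srv/public
# overrides the global list with an empty one
[plain]
   path = /srv/plain
   vfs objects =
[depot]
   path = /srv/depot
   VFS Objects = streams_depot, recycle
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}. Samba ignores case and whitespace
    in names and treats only whole lines starting with '#' or ';' as comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def stream_modules_by_share(conf):
    """Map each share to the stream modules in effect, honouring inheritance."""
    def modules(params):  # list parameters are whitespace- or comma-separated
        return {m for m in re.split(r"[\s,]+", params.get("vfsobjects", "")) if m}
    inherited = modules(conf.get("global", {}))
    return {name: (modules(p) if "vfsobjects" in p else inherited) & STREAM_MODULES
            for name, p in conf.items() if name != "global"}

def exposed_shares(text):  # shares on which the ADS ACL issue can apply at all
    return sorted(s for s, m in stream_modules_by_share(parse_smb_conf(text)).items() if m)
```

Run it against a host's real smb.conf instead of `SAMPLE_SMB_CONF` to see which shares to prioritise before the upgrade lands.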

Affected package: samba on Debian Linux

Samba is an implementation of the SMB/CIFS protocol for Unix systems,
providing support for cross-platform file and printer sharing with
Microsoft Windows, OS X, and other Unix systems. Samba can also function
as an NT4-style domain controller, and can integrate with both NT4 domains
and Active Directory realms as a member server.

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.5.6~dfsg-3squeeze11.

For the stable distribution (wheezy), these problems have been fixed in
version 3.6.6-6+deb7u2.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your samba packages.
