Several issues have been identified in Samba, the SMB/CIFS
file- and print-server implementation for GNU/Linux.
- CVE-2007-2444
When translating SIDs to/from names using Samba's local list of user and
group accounts, a logic error in the smbd daemon's internal security
stack may result in a transition to the root user id rather than the
non-root user. The user is then able to temporarily issue SMB/CIFS
protocol operations as the root user. This window of opportunity may
allow the attacker to establish additional means of gaining root access to
the server.
- CVE-2007-2446
Various bugs in Samba's NDR parsing can allow a user to send specially
crafted MS-RPC requests that will overwrite the heap space with
user-defined data.
- CVE-2007-2447
Unescaped user input parameters are passed as arguments to /bin/sh
allowing for remote command execution.
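For the class of bug described under CVE-2007-2447, one way to stop a substituted value from being interpreted by /bin/sh is to single-quote it before it is placed on the command line. This is an added example, not Samba's code and not the fix shipped in the packages named below; `sh_quote`, `expand_cmd`, the `%u` marker and the template path are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: wrap `in` in single quotes so /bin/sh reads it as one
 * literal word. Nothing is special inside single quotes, so only ' itself
 * needs handling: close the quote, emit \', reopen the quote ('\''). */
char *sh_quote(const char *in)
{
    size_t n = strlen(in), extra = 0;
    for (size_t i = 0; i < n; i++)
        if (in[i] == '\'') extra += 3;      /* 1 byte becomes 4 */
    char *out = malloc(n + extra + 3);      /* two quotes + NUL */
    if (!out) return NULL;
    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '\'') { memcpy(p, "'\\''", 4); p += 4; }
        else *p++ = in[i];
    }
    *p++ = '\''; *p = '\0';
    return out;
}

/* Hypothetical helper: replace the first "%u" in a command template with the
 * quoted value. Returns a malloc'd command line, or NULL on failure. */
char *expand_cmd(const char *tmpl, const char *user)
{
    const char *m = strstr(tmpl, "%u");
    if (!m) {                               /* nothing to substitute */
        char *copy = malloc(strlen(tmpl) + 1);
        return copy ? strcpy(copy, tmpl) : NULL;
    }
    char *q = sh_quote(user);
    if (!q) return NULL;
    size_t len = strlen(tmpl) - 2 + strlen(q) + 1;
    char *cmd = malloc(len);
    if (cmd) snprintf(cmd, len, "%.*s%s%s", (int)(m - tmpl), tmpl, q, m + 2);
    free(q);
    return cmd;
}

int main(void)
{
    /* Constructed template and input; neither comes from Samba. */
    char *cmd = expand_cmd("/usr/local/bin/lookup %u", "o'brien; echo x");
    if (!cmd) return 1;
    puts(cmd); free(cmd);
    return 0;
}
```

Where the program being run does not need a shell at all, passing the value as its own argv element to an exec-family call avoids the quoting problem entirely.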
For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch1.
For the testing and unstable distributions (lenny and sid,
respectively), these problems have been fixed in version 3.0.25-1.
We recommend that you upgrade your samba package.