10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
May 14, 2007 Alexander Bokovoy 3.0.25-alt1
- New release
- Security fixes for CVE-2007-2444, CVE-2007-2446, and CVE-2007-2447:
+ CVE-2007-2444
Versions: Samba 3.0.23d - 3.0.25pre2
Local SID/Name translation bug can result in user privilege elevation
+ CVE-2007-2446
Versions: Samba 3.0.0 - 3.0.24
Multiple heap overflows allow remote code execution
+ CVE-2007-2447
Versions: Samba 3.0.0 - 3.0.24
Unescaped user input parameters are passed as
arguments to /bin/sh allowing for remote command
execution
- Removed:
+ smbwrapper, as it is not supported anymore
- Fixed:
+ python build w.r.t. -pie