9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
CentOS Errata and Security Advisory CESA-2007:1114
Samba is a suite of programs used by machines to share files, printers, and
other information.
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. (CVE-2007-6015)
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.
This update also fixes a regression caused by the fix for CVE-2007-4572,
which prevented some clients from being able to properly access shares.
Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-December/076652.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076654.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076656.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076657.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076660.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076661.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076665.html
https://lists.centos.org/pipermail/centos-announce/2007-December/076666.html
Affected packages:
samba
samba-client
samba-common
samba-swat
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:1114
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | ia64 | samba | < 3.0.9-1.3E.14.3 | samba-3.0.9-1.3E.14.3.ia64.rpm |
CentOS | 3 | ia64 | samba-client | < 3.0.9-1.3E.14.3 | samba-client-3.0.9-1.3E.14.3.ia64.rpm |
CentOS | 3 | ia64 | samba-common | < 3.0.9-1.3E.14.3 | samba-common-3.0.9-1.3E.14.3.ia64.rpm |
CentOS | 3 | ia64 | samba-swat | < 3.0.9-1.3E.14.3 | samba-swat-3.0.9-1.3E.14.3.ia64.rpm |
CentOS | 4 | ia64 | samba | < 3.0.25b-1.c4.4 | samba-3.0.25b-1.c4.4.ia64.rpm |
CentOS | 4 | ia64 | samba-client | < 3.0.25b-1.c4.4 | samba-client-3.0.25b-1.c4.4.ia64.rpm |
CentOS | 4 | ia64 | samba-common | < 3.0.25b-1.c4.4 | samba-common-3.0.25b-1.c4.4.ia64.rpm |
CentOS | 4 | ia64 | samba-swat | < 3.0.25b-1.c4.4 | samba-swat-3.0.25b-1.c4.4.ia64.rpm |
CentOS | 3 | i386 | samba | < 3.0.9-1.3E.14.3 | samba-3.0.9-1.3E.14.3.i386.rpm |
CentOS | 3 | i386 | samba-client | < 3.0.9-1.3E.14.3 | samba-client-3.0.9-1.3E.14.3.i386.rpm |