9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
CentOS Errata and Security Advisory CESA-2007:1114-01
Samba is a suite of programs used by machines to share files, printers, and
other information.
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. (CVE-2007-6015)
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.
This update also fixes a regression caused by the fix for CVE-2007-4572,
which prevented some clients from being able to properly access shares.
Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-December/076663.html
Affected packages:
samba
samba-client
samba-common
samba-swat
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | samba | < 2.2.12-1.21as.8.2 | samba-2.2.12-1.21as.8.2.i386.rpm |
CentOS | 2 | i386 | samba-client | < 2.2.12-1.21as.8.2 | samba-client-2.2.12-1.21as.8.2.i386.rpm |
CentOS | 2 | i386 | samba-common | < 2.2.12-1.21as.8.2 | samba-common-2.2.12-1.21as.8.2.i386.rpm |
CentOS | 2 | i386 | samba-swat | < 2.2.12-1.21as.8.2 | samba-swat-2.2.12-1.21as.8.2.i386.rpm |