samba -- several vulnerabilities

ID DSA-1291
Type debian
Reporter Debian
Modified 2007-05-15T00:00:00


Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux.

When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the non-root user. The user is then able to temporarily issue SMB/CIFS protocol operations as the root user. This window of opportunity may allow the attacker to establish addition means of gaining root access to the server.

Various bugs in Samba's NDR parsing can allow a user to send specially crafted MS-RPC requests that will overwrite the heap space with user defined data.

Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.

For the stable distribution (etch), these problems have been fixed in version 3.0.24-6etch1.

For the testing and unstable distributions (lenny and sid, respectively), these problems have been fixed in version 3.0.25-1.

We recommend that you upgrade your samba package.