
[Full-disclosure] FLEA-2007-0017-1: samba

From: Foresight Linux Essential Announcement Service <foresight-security-noreply_at_nospam>
Date: Tue May 15 2007 - 19:43:04 GMT
To: foresight-security-announce@lists.rpath.org


Foresight Linux Essential Advisory: 2007-0017-1
Published: 2007-05-15

Rating: Severe

Updated Versions:

    samba=/conary.rpath.com@rpl:devel//1/3.0.25-0.1-1
    group-dist=/foresight.rpath.org@fl:1-devel//1/1.2.2-0.6-1

References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
    http://lwn.net/Articles/232675/

References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
    https://issues.rpath.com/browse/RPL-1366

Description:

    Previous versions of the samba package are vulnerable to multiple attacks in which remote attackers may be able to run arbitrary code as the root user on samba servers. The default install of Foresight is not vulnerable - one must manually configure samba for these vulnerabilities to be exposed.

---

Copyright 2007 Foresight Linux Project
Portions Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.foresightlinux.org/permanent/mit-license.html