Multiple vulnerabilities were found in the CIFS/SMB server
implementation Samba :
A logic error in the SID/Name translation functionality in
smbd(8) allows local users to gain temporary privileges and execute
SMB/CIFS protocol operations via unspecified vectors that cause the
daemon to transition to the "root" user (CVE-2007-2444) .
Multiple heap-based buffer overflows in the NDR parsing in
smbd(8) allow remote attackers to execute arbitrary code via crafted
MS-RPC requests (CVE-2007-2446) .
The MS-RPC functionality in smbd(8) allows remote attackers to
execute arbitrary commands via shell metacharacters involving the
(1) "SamrChangePassword" function, when the "username map script"
"smb.conf" option is enabled, and allows remote authenticated users
to execute commands via shell metacharacters involving other MS-RPC
functions in the (2) remote printer and (3) file share management
A buffer overflow in the "nss_winbind" library, as used in
the winbindd(8) daemon, allows attackers to execute arbitrary
code via the gethostbyname(3) and getipnodebyname(3) functions
A format string vulnerability in the "afsacl" VFS module in
allows context-dependent attackers to execute arbitrary code via
format string specifiers in a filename on an AFS file system, which
is not properly handled during Windows ACL mapping (CVE-2007-0454)
For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.