FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- multiple vulnerabilities

Affected packages
ja-samba < 3.0.26a
*,1 < ja-samba < 3.0.26a_2,1
samba < 3.0.26a
*,1 < samba < 3.0.26a_2,1
samba3 < 3.0.26a
*,1 < samba3 < 3.0.26a_2,1

Details

VuXML ID a63b15f9-97ff-11dc-9e48-0016179b2dd5
Discovery 2007-11-15
Entry 2007-11-21
Modified 2008-09-26

The Samba Team reports:

Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf.

[source]

Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller.

[source]

References

Bugtraq ID 26454
CVE Name CVE-2007-4572
CVE Name CVE-2007-5398
URL http://secunia.com/advisories/27450/
URL http://us1.samba.org/samba/security/CVE-2007-4572.html
URL http://us1.samba.org/samba/security/CVE-2007-5398.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.