-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:104-1 http://www.mandriva.com/security/ _______________________________________________________________________ Package : samba Date : May 23, 2007 Affected: 2007.0, 2007.1 _______________________________________________________________________ Problem Description: A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server (CVE-2007-2446). A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh (CVE-2007-2447). Finally, on Samba 3.0.23d and higher, when Samba translated SID to/from name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user id rather than the non-root user (CVE-2007-2444). Update: The fix for CVE-2007-2444 broke the behaviour of force group when the forced group is a local Unix group for domain member servers. This update corrects that regression. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 2ba4a54f7c3ea9fa3e7d716b78a9ccf3 2007.0/i586/libsmbclient0-3.0.23d-2.3mdv2007.0.i586.rpm 8d5cd8a8d91808cf5b28173399a4dccd 2007.0/i586/libsmbclient0-devel-3.0.23d-2.3mdv2007.0.i586.rpm 2afc7a841894a7d1ec6a10e43be56cb3 2007.0/i586/libsmbclient0-static-devel-3.0.23d-2.3mdv2007.0.i586.rpm 862bcb6362c116f547bcbb34c32d7382 2007.0/i586/mount-cifs-3.0.23d-2.3mdv2007.0.i586.rpm 153b0bb5e27b67e8bae513774b25d4fb 2007.0/i586/nss_wins-3.0.23d-2.3mdv2007.0.i586.rpm 29d1b0a886865dd4f7d23f0cf47d754c 2007.0/i586/samba-client-3.0.23d-2.3mdv2007.0.i586.rpm c0df231352bf46e322ad1ff8805ba25a 2007.0/i586/samba-common-3.0.23d-2.3mdv2007.0.i586.rpm 4870de87bdf5da9e6b056ffbe55a95aa 2007.0/i586/samba-doc-3.0.23d-2.3mdv2007.0.i586.rpm f8c445732224a5c8db8b3765737ecf09 2007.0/i586/samba-server-3.0.23d-2.3mdv2007.0.i586.rpm a15627b69d8c7865473257aa71475a41 2007.0/i586/samba-smbldap-tools-3.0.23d-2.3mdv2007.0.i586.rpm 28271a81e11470645e1b8287c755a4c3 2007.0/i586/samba-swat-3.0.23d-2.3mdv2007.0.i586.rpm 26eb7109048d443c280244c8c871b6c4 2007.0/i586/samba-vscan-clamav-3.0.23d-2.3mdv2007.0.i586.rpm fdd8e8f3a9d098a75c6517098f7a4e5f 2007.0/i586/samba-vscan-icap-3.0.23d-2.3mdv2007.0.i586.rpm e16d790fdd80e78b1ad0c796b3fc62f0 2007.0/i586/samba-winbind-3.0.23d-2.3mdv2007.0.i586.rpm 9725d3da0b4394c46c5a11718b02681c 2007.0/SRPMS/samba-3.0.23d-2.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 5a40a67af7bddbac6f1a12ccc04eb71a 2007.0/x86_64/lib64smbclient0-3.0.23d-2.3mdv2007.0.x86_64.rpm c2d3958fb241f8425a6c4b471a7e9ff0 2007.0/x86_64/lib64smbclient0-devel-3.0.23d-2.3mdv2007.0.x86_64.rpm d896b8848adf231e7ca9732cedd1df14 2007.0/x86_64/lib64smbclient0-static-devel-3.0.23d-2.3mdv2007.0.x86_64.rpm 5bb35783003fb0598a1c8d004f1b7e89 2007.0/x86_64/mount-cifs-3.0.23d-2.3mdv2007.0.x86_64.rpm 936b0b4727ced4c51487d22eb4c728c2 2007.0/x86_64/nss_wins-3.0.23d-2.3mdv2007.0.x86_64.rpm 697a37f58cd7ee86bcb6d25fe5ce99a4 2007.0/x86_64/samba-client-3.0.23d-2.3mdv2007.0.x86_64.rpm a2c89ccbb926ab10134bb6c08de1e708 2007.0/x86_64/samba-common-3.0.23d-2.3mdv2007.0.x86_64.rpm a4f423f84d2de83ce0e08f7617c93dd7 2007.0/x86_64/samba-doc-3.0.23d-2.3mdv2007.0.x86_64.rpm 7f95a390b3d8a8f50b4ed742222b5cd1 2007.0/x86_64/samba-server-3.0.23d-2.3mdv2007.0.x86_64.rpm 46d3c6533ebd7bee01721ca614e955ca 2007.0/x86_64/samba-smbldap-tools-3.0.23d-2.3mdv2007.0.x86_64.rpm ed30c61f6884f8b26187e6e3a9885a24 2007.0/x86_64/samba-swat-3.0.23d-2.3mdv2007.0.x86_64.rpm e8ef3da7af8952bebd84406c4a638e39 2007.0/x86_64/samba-vscan-clamav-3.0.23d-2.3mdv2007.0.x86_64.rpm 559d43f9a8f2a8a361b11a97d437c321 2007.0/x86_64/samba-vscan-icap-3.0.23d-2.3mdv2007.0.x86_64.rpm 76963cced45f658ab0ad5412a5aa794b 2007.0/x86_64/samba-winbind-3.0.23d-2.3mdv2007.0.x86_64.rpm 9725d3da0b4394c46c5a11718b02681c 2007.0/SRPMS/samba-3.0.23d-2.3mdv2007.0.src.rpm Mandriva Linux 2007.1: 2e8c595bb959e2acb3ae05b04e8387d5 2007.1/i586/libsmbclient0-3.0.24-2.2mdv2007.1.i586.rpm f398435995e18d601ddb9dc1f1128129 2007.1/i586/libsmbclient0-devel-3.0.24-2.2mdv2007.1.i586.rpm be221059ee4f4c8dd62f23f27b636943 2007.1/i586/libsmbclient0-static-devel-3.0.24-2.2mdv2007.1.i586.rpm 63989fd2a666fd804e93fb6de50faf79 2007.1/i586/mount-cifs-3.0.24-2.2mdv2007.1.i586.rpm df903048b4ccde8195a48aa1c94993a1 2007.1/i586/nss_wins-3.0.24-2.2mdv2007.1.i586.rpm 43de3b657ec9bd2e99a545b93bc66826 2007.1/i586/samba-client-3.0.24-2.2mdv2007.1.i586.rpm 727d37be44200376dcddf14682f4fc7a 2007.1/i586/samba-common-3.0.24-2.2mdv2007.1.i586.rpm de76cf361d6d6b9f25ea9e65461bcf92 2007.1/i586/samba-doc-3.0.24-2.2mdv2007.1.i586.rpm 3ddcfa99a20b0b2c5af4318e947ca5a1 2007.1/i586/samba-server-3.0.24-2.2mdv2007.1.i586.rpm d9f5b95d336826c9787ef0232701986c 2007.1/i586/samba-smbldap-tools-3.0.24-2.2mdv2007.1.i586.rpm 9c41b0d842310e8a8583fb5b52f00680 2007.1/i586/samba-swat-3.0.24-2.2mdv2007.1.i586.rpm abcfc7652487f311edb1adb2fc1855ea 2007.1/i586/samba-vscan-clamav-3.0.24-2.2mdv2007.1.i586.rpm d2b387577c52b4a4c7128275a1055d8f 2007.1/i586/samba-vscan-icap-3.0.24-2.2mdv2007.1.i586.rpm 1c38d939eeb3a56511fb6aa1c80ead9b 2007.1/i586/samba-winbind-3.0.24-2.2mdv2007.1.i586.rpm 1138acd0612b3e1c235cd8e4d5a0e154 2007.1/SRPMS/samba-3.0.24-2.2mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 4e28c912966b246dc09a076ebfe14a1c 2007.1/x86_64/lib64smbclient0-3.0.24-2.2mdv2007.1.x86_64.rpm 1604483d1d16e404a12317faad97d8eb 2007.1/x86_64/lib64smbclient0-devel-3.0.24-2.2mdv2007.1.x86_64.rpm ef43dae21969f6ce04de5685b389fbf4 2007.1/x86_64/lib64smbclient0-static-devel-3.0.24-2.2mdv2007.1.x86_64.rpm 37103982308436b13a95c62dd5a6d382 2007.1/x86_64/mount-cifs-3.0.24-2.2mdv2007.1.x86_64.rpm 1d8eb64a30be1483ae35e0a822b03f62 2007.1/x86_64/nss_wins-3.0.24-2.2mdv2007.1.x86_64.rpm 5d4a67c2df92af2c8ea27b5583e90862 2007.1/x86_64/samba-client-3.0.24-2.2mdv2007.1.x86_64.rpm b79344c4f8b2fdad0cc201cfece51402 2007.1/x86_64/samba-common-3.0.24-2.2mdv2007.1.x86_64.rpm cb576100d93054942f7b2451246c873c 2007.1/x86_64/samba-doc-3.0.24-2.2mdv2007.1.x86_64.rpm 53007b67f56550799239b3fb17f0a71a 2007.1/x86_64/samba-server-3.0.24-2.2mdv2007.1.x86_64.rpm cc7ebaa88c88dc7d1903ed72cfe6dbe0 2007.1/x86_64/samba-smbldap-tools-3.0.24-2.2mdv2007.1.x86_64.rpm ba3d1524f07c35c5cac0dbc2ff2f8fe7 2007.1/x86_64/samba-swat-3.0.24-2.2mdv2007.1.x86_64.rpm a61531290699912b3bcd6d119e49af5a 2007.1/x86_64/samba-vscan-clamav-3.0.24-2.2mdv2007.1.x86_64.rpm 3ec8fd40efdd0355c3376a7f2b12bb7f 2007.1/x86_64/samba-vscan-icap-3.0.24-2.2mdv2007.1.x86_64.rpm 779e7ff7d9af28d3f738f7fc65b1b394 2007.1/x86_64/samba-winbind-3.0.24-2.2mdv2007.1.x86_64.rpm 1138acd0612b3e1c235cd8e4d5a0e154 2007.1/SRPMS/samba-3.0.24-2.2mdv2007.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGVOzqmqjQ0CJFipgRAtW5AKDaH6H9/e+8blA6CWIxQ6/ztdfjwwCgq1id yNfTE1IaN5b+XGk4fbmBQCQ= =8R4s -----END PGP SIGNATURE-----