=========================================================== Ubuntu Security Notice USN-460-1 May 16, 2007 samba vulnerabilities CVE-2007-2444, CVE-2007-2446, CVE-2007-2447 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: samba 3.0.22-1ubuntu3.3 Ubuntu 6.10: samba 3.0.22-1ubuntu4.2 Ubuntu 7.04: samba 3.0.24-2ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges. (CVE-2007-2444) Brian Schafer discovered that Samba did not handle NDR parsing correctly. A remote attacker could send specially crafted MS-RPC requests that could overwrite heap memory and execute arbitrary code. (CVE-2007-2446) It was discovered that Samba did not correctly escape input parameters for external scripts defined in smb.conf. Remote authenticated users could send specially crafted MS-RPC requests and execute arbitrary shell commands. (CVE-2007-2447)