Package(s):	samba	CVE #(s):	CVE-2007-2444 CVE-2007-2446 CVE-2007-2447
Created:	May 14, 2007	Updated:	June 5, 2007
Description:	Three vulnerabilities have been fixed in Samba 3.0.25: Local SID/Name translation bug can result in user privilege elevation. Multiple heap overflows allow remote code execution. Unescaped user input parameters are passed as arguments to /bin/sh allowing for remote command execution.
Alerts:	Debian DSA-1291-4 samba 2007-06-04 Debian-Testing DTSA-41-1 samba 2007-05-31 Mandriva MDKSA-2007:104-1 samba 2007-05-23 Ubuntu USN-460-2 samba 2007-05-22 SuSE SUSE-SA:2007:031 samba 2007-05-21 Fedora FEDORA-2007-518 samba 2007-05-21 Debian DSA-1291-3 samba 2007-05-20 OpenPKG OpenPKG-SA-2007.012 samba 2007-05-18 Trustix TSLSA-2007-0017 samba 2007-05-17 Debian DSA-1291-2 samba 2007-05-15 Ubuntu USN-460-1 samba 2007-05-16 Foresight FLEA-2007-0017-1 samba 2007-05-15 Gentoo 200705-15 samba 2007-05-15 Debian DSA-1291-1 samba 2007-05-15 Slackware SSA:2007-134-01 samba 2007-05-15 rPath rPSA-2007-0098-1 samba 2007-05-15 Mandriva MDKSA-2007:104 samba 2007-05-14 Fedora FEDORA-2007-506 samba 2007-05-14 Fedora FEDORA-2007-507 samba 2007-05-14 Red Hat RHSA-2007:0354-01 samba 2007-05-14

---

to post comments