USN-460-1: Samba vulnerabilities

Ubuntu Security Notice USN-460-1

15th May, 2007

samba vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS


Paul Griffith and Andrew Hogue discovered that Samba did not fully drop
root privileges while translating SIDs. A remote authenticated user
could issue SMB operations during a small window of opportunity and gain
root privileges. (CVE-2007-2444)

Brian Schafer discovered that Samba did not handle NDR parsing
correctly. A remote attacker could send specially crafted MS-RPC
requests that could overwrite heap memory and execute arbitrary code.

It was discovered that Samba did not correctly escape input parameters
for external scripts defined in smb.conf. Remote authenticated users
could send specially crafted MS-RPC requests and execute arbitrary shell
commands. (CVE-2007-2447)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 7.04:
samba 3.0.24-2ubuntu1.1
Ubuntu 6.10:
samba 3.0.22-1ubuntu4.2
Ubuntu 6.06 LTS:
samba 3.0.22-1ubuntu3.3

To update your system, please follow these instructions:

In general, a standard system upgrade is sufficient to effect the
necessary changes.


CVE-2007-2444, CVE-2007-2446, CVE-2007-2447