Samba: Multiple vulnerabilities Samba contains multiple vulnerabilities potentially resulting in the execution of arbitrary code with root privileges. samba May 15, 2007 May 15, 2007: 01 177029 remote 3.0.24-r2 3.0.24-r2

Samba is a suite of SMB and CIFS client/server programs for UNIX.

Samba contains a logical error in the smbd daemon when translating local SID to user names (CVE-2007-2444). Furthermore, Samba contains several bugs when parsing NDR encoded RPC parameters (CVE-2007-2446). Lastly, Samba fails to properly sanitize remote procedure input provided via Microsoft Remote Procedure Calls (CVE-2007-2447).

A remote attacker could exploit these vulnerabilities to gain root privileges via various vectors.

There is no known workaround at this time.

All Samba users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.24-r2" CVE-2007-2444 CVE-2007-2446 CVE-2007-2447 jaervosz jaervosz