> -----Original Message-----
> From: enterprise-watch-list-bounces@xxxxxxxxxx [mailto:enterprise-watch-list-bounces@xxxxxxxxxx] On Behalf Of bugzilla@xxxxxxxxxx
> Sent: Monday, May 14, 2007 7:22 PM
> To: enterprise-watch-list@xxxxxxxxxx
> Subject: [RHSA-2007:0354-01] Critical: samba security update
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ---------------------------------------------------------------------
> Red Hat Security Advisory
>
> Synopsis: Critical: samba security update
> Advisory ID: RHSA-2007:0354-01
> Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0354.html
> Issue date: 2007-05-14
> Updated on: 2007-05-14
> Product: Red Hat Enterprise Linux
> CVE Names: CVE-2007-2446 CVE-2007-2447
> - ---------------------------------------------------------------------
>
> 1. Summary:
>
> Updated samba packages that fix several security flaws are now available.
>
> This update has been rated as having critical security impact by the Red
> Hat Security Response Team.
>
> 2. Relevant releases/architectures:
>
> Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
> Red Hat Linux Advanced Workstation 2.1 - ia64
> Red Hat Enterprise Linux ES version 2.1 - i386
> Red Hat Enterprise Linux WS version 2.1 - i386
> Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
> Red Hat Desktop version 3 - i386, x86_64
> Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
> Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
> Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
> Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
> Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
> Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
> Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
> Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
>
> 3. Problem description:
>
> Samba provides file and printer sharing services to SMB/CIFS clients.
>
> Various bugs were found in NDR parsing, used to decode MS-RPC requests in
> Samba. A remote attacker could have sent carefully crafted requests
> causing a heap overflow, which may have led to the ability to execute
> arbitrary code on the server. (CVE-2007-2446)
>
> Unescaped user input parameters were being passed as arguments to /bin/sh.
> A remote, authenticated, user could have triggered this flaw and executed
> arbitrary code on the server. Additionally, on Red Hat Enterprise Linux 5
> only, this flaw could be triggered by a remote unauthenticated user if
> Samba was configured to use the non-default "username map script" option.
> (CVE-2007-2447)
>
> Users of Samba should upgrade to these packages, which contain backported
> patches to correct these issues. After upgrading, Samba should be
> restarted using "service smb restart"
>
> On Red Hat Enterprise Linux 5 the impact of these issues is reduced as
> Samba is constrained by the default SELinux "targeted" policy.
>
> Red Hat would like to thank the Samba developers, TippingPoint, and
> iDefense for reporting these issues.
>
> 4. Solution:
>
> Before applying this update, make sure that all previously-released
> errata relevant to your system have been applied.
>
> This update is available via Red Hat Network. Details on how to use
> the Red Hat Network to apply this update are available at
> http://kbase.redhat.com/faq/FAQ_58_10188
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/):
>
> 239429 - CVE-2007-2446 samba heap overflows
> 239774 - CVE-2007-2447 samba code injection
>
...
>
> 7. References:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
> http://www.samba.org/samba/security/CVE-2007-2447.html
> http://www.samba.org/samba/security/CVE-2007-2446.html
> http://www.redhat.com/security/updates/classification/#critical
>
>
> Copyright 2007 Red Hat, Inc.
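
The advisory says the unauthenticated case of CVE-2007-2447 on Red Hat Enterprise Linux 5 depends on the non-default "username map script" option. The following is an added example, not part of the advisory or of Samba, that reports where that option is active in an smb.conf so such hosts can be patched first; the function names and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find active "username map script"
# settings in an smb.conf given as $1, or on stdin when no file is given.
# Prints "<section>: <value>" per finding; returns 1 if any is found, else 0.
find_username_map_script() {
    awk '
        /^[ \t]*[#;]/ { next }    # comment lines start with # or ;
        /^[ \t]*$/    { next }    # blank lines
        /^[ \t]*\[/ {             # remember the current [section]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            # smb.conf parameter names ignore case and whitespace.
            name = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", name)
            value = substr($0, eq + 1)
            sub(/^[ \t]+/, "", value)
            sub(/[ \t]+$/, "", value)
            if (name == "usernamemapscript" && value != "") {
                printf "%s: %s\n", section, value
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample configuration; the script path is hypothetical.
sample_smb_conf() {
    cat <<'EOF'
[global]
   workgroup = EXAMPLE
   ; username map script = /bin/false
   User Name Map Script = /usr/local/bin/mapusers.sh
[share]
   path = /srv/share
EOF
}

sample_smb_conf | find_username_map_script ||
    echo "username map script is set: prioritise the samba update on this host"
```

On a real host, pass the configuration path as the first argument, for example `find_username_map_script /etc/samba/smb.conf`.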