English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.59535
Category:Fedora Local Security Checks
Title:Fedora Core 6 FEDORA-2007-507 (samba)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to samba
announced via advisory FEDORA-2007-507.


Samba is the suite of programs by which a lot of PC-related machines
share files, printers, and other information (such as lists of
available files and printers). The Windows NT, OS/2, and Linux
operating systems support this natively, and add-on packages can
enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
and more. This package provides an SMB server that can be used to
provide network services to SMB (sometimes called Lan Manager)
clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.

Update Information:

This release of Samba fixes some Serious security bugs:
- CVE-2007-2444
- CVE-2007-2446
- CVE-2007-2447

Official upstream announcements here:
http://www.samba.org/samba/security/CVE-2007-2444.html
http://www.samba.org/samba/security/CVE-2007-2446.html
http://www.samba.org/samba/security/CVE-2007-2447.html
* Mon May 14 2007 Simo Sorce 3.0.24-5.fc6
- Security fixes for
CVE-2007-2444
CVE-2007-2446
CVE-2007-2447

Solution: Apply the appropriate updates.

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.


http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-507

Risk factor : Critical

CVSS Score:
10.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-2444
1018049
http://www.securitytracker.com/id?1018049
102964
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
200588
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
2007-0017
http://www.trustix.org/errata/2007/0017/
20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation
http://www.securityfocus.com/archive/1/468548/100/0/threaded
20070515 FLEA-2007-0017-1: samba
http://www.securityfocus.com/archive/1/468670/100/0/threaded
23974
http://www.securityfocus.com/bid/23974
25232
http://secunia.com/advisories/25232
25241
http://secunia.com/advisories/25241
25246
http://secunia.com/advisories/25246
25251
http://secunia.com/advisories/25251
25255
http://secunia.com/advisories/25255
25256
http://secunia.com/advisories/25256
25259
http://secunia.com/advisories/25259
25270
http://secunia.com/advisories/25270
25289
http://secunia.com/advisories/25289
25675
http://secunia.com/advisories/25675
25772
http://secunia.com/advisories/25772
2701
http://securityreason.com/securityalert/2701
34698
http://osvdb.org/34698
ADV-2007-1805
http://www.vupen.com/english/advisories/2007/1805
ADV-2007-2210
http://www.vupen.com/english/advisories/2007/2210
ADV-2007-2281
http://www.vupen.com/english/advisories/2007/2281
DSA-1291
http://www.debian.org/security/2007/dsa-1291
GLSA-200705-15
http://security.gentoo.org/glsa/glsa-200705-15.xml
HPSBTU02218
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
MDKSA-2007:104
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
OpenPKG-SA-2007.012
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
SSA:2007-134-01
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
SSRT071424
SUSE-SA:2007:031
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
USN-460-1
http://www.ubuntu.com/usn/usn-460-1
USN-460-2
http://www.ubuntu.com/usn/usn-460-2
http://www.samba.org/samba/security/CVE-2007-2444.html
https://issues.rpath.com/browse/RPL-1366
Common Vulnerability Exposure (CVE) ID: CVE-2007-2446
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
BugTraq ID: 23973
http://www.securityfocus.com/bid/23973
BugTraq ID: 24195
http://www.securityfocus.com/bid/24195
BugTraq ID: 24196
http://www.securityfocus.com/bid/24196
BugTraq ID: 24197
http://www.securityfocus.com/bid/24197
BugTraq ID: 24198
http://www.securityfocus.com/bid/24198
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
Bugtraq: 20070513 [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution (Google Search)
http://www.securityfocus.com/archive/1/468542/100/0/threaded
Bugtraq: 20070515 FLEA-2007-0017-1: samba (Google Search)
Bugtraq: 20070515 ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468674/100/0/threaded
Bugtraq: 20070515 ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468675/100/0/threaded
Bugtraq: 20070515 ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468673/100/0/threaded
Bugtraq: 20070515 ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468672/100/0/threaded
Bugtraq: 20070515 ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468680/100/0/threaded
CERT/CC vulnerability note: VU#773720
http://www.kb.cert.org/vuls/id/773720
Debian Security Information: DSA-1291 (Google Search)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
HPdes Security Advisory: HPSBTU02218
HPdes Security Advisory: HPSBUX02218
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
HPdes Security Advisory: SSRT071424
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
http://osvdb.org/34699
http://osvdb.org/34731
http://www.osvdb.org/34732
http://osvdb.org/34733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11415
http://www.redhat.com/support/errata/RHSA-2007-0354.html
http://www.securitytracker.com/id?1018050
http://secunia.com/advisories/25257
http://secunia.com/advisories/25391/
http://secunia.com/advisories/25567
http://secunia.com/advisories/26235
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://secunia.com/advisories/28292
http://securityreason.com/securityalert/2702
SuSE Security Announcement: SUSE-SA:2007:031 (Google Search)
http://www.vupen.com/english/advisories/2007/2079
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3229
http://www.vupen.com/english/advisories/2008/0050
XForce ISS Database: samba-lsaioprivilegeset-bo(34309)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34309
XForce ISS Database: samba-lsaiotransnames-bo(34316)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34316
XForce ISS Database: samba-netdfsiodfsenuminfod-bo(34311)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34311
XForce ISS Database: samba-secioacl-bo(34314)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34314
XForce ISS Database: samba-smbionotifyoptiontypedata-bo(34312)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34312
Common Vulnerability Exposure (CVE) ID: CVE-2007-2447
BugTraq ID: 23972
http://www.securityfocus.com/bid/23972
Bugtraq: 20070513 [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/468565/100/0/threaded
CERT/CC vulnerability note: VU#268336
http://www.kb.cert.org/vuls/id/268336
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://www.osvdb.org/34700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062
http://www.securitytracker.com/id?1018051
http://secunia.com/advisories/26083
http://securityreason.com/securityalert/2700
SuSE Security Announcement: SUSE-SR:2007:014 (Google Search)
http://www.novell.com/linux/security/advisories/2007_14_sr.html
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.