Samba SID name translation privilege escalation (MSRPC_SRVSVC_SetFileSec_Samba_Bo)

About this signature or vulnerability

IBM Security Server Protection for Windows, Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, RealSecure Network, RealSecure Server Sensor, BlackICE PC Protection, BlackICE Server Protection, Proventia Desktop, Proventia Network IPS, RealSecure Desktop, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects a malformed SRVSVC SetFileSecurity request in which the size of a string is set to -1, potentially leading to a heap overflow in Samba.


Default risk level

High

Sensors that have this signature

IBM Security Server Protection for Windows: 1.0.914.2030, Proventia Network MFS: XPU 27.020, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network IDS: XPU 27.020, Proventia-G 1.1 and earlier: XPU 27.020, RealSecure Network: XPU 27.020, RealSecure Server Sensor: XPU 27.020, BlackICE PC Protection: 3.6cqi, BlackICE Server Protection: 3.6.cqi, Proventia Desktop: 2030, Proventia Network IPS: XPU 27.020, RealSecure Desktop: eqi, Proventia Server IPS for Linux technology: 27.020, Virtual Server Protection for VMware: 1.0

Systems affected

OpenPKG OpenPKG: CURRENT, Gentoo Linux, SuSE Linux Enterprise Server: 8, Novell UnitedLinux: 1.0, HP HP-UX: B.11.11, Sun Solaris: 9 x86, HP HP-UX: B.11.23, SuSE SuSE SLES: 9, MandrakeSoft Mandrake Linux Corporate Server: 3.0, Novell Linux Desktop: 9, Novell Open Enterprise: Server, Sun Solaris: 10 SPARC, Sun Solaris: 10 x86, Canonical Ubuntu: 6.06 LTS, SuSE SuSE SLES: 10, MandrakeSoft Mandrake Linux: 2007, MandrakeSoft Mandrake Linux: 2007 X86_64, MandrakeSoft Mandrake Linux Corporate Server: 4.0, MandrakeSoft Mandrake Linux Corporate Server: 4.0 X86_64, MandrakeSoft Mandrake Linux Corporate Server: 3.0 X86_64, Canonical Ubuntu: 6.10, SuSE SuSE Linux Retail Solution: 8, SuSE SuSE SLED: 10, Novell Linux POS: 9, OpenPKG OpenPKG Enterprise: E1.0-SOLID, MandrakeSoft Mandrake Linux: 2007.1, MandrakeSoft Mandrake Linux: 2008.0 X86_64, Debian Debian Linux: 4.0, Canonical Ubuntu: 7.04, HP HP-UX: B.11.31, Compaq Tru64: 6.6, MandrakeSoft Mandrake Linux: 2007.1 X86_64, Samba Samba: 3.0.23d, Novell Open Enterprise Server, Samba Samba: 3.0.25 Pre2, Novell OpenSUSE: 10.2, Sun Solaris: 9 SPARC

Type

Unauthorized Access Attempt

Vulnerability description

Samba could allow a local attacker to gain elevated privileges on the system, caused by a logic error in the smbd internal stack. Translation between SIDs and names is handled improperly when Samba uses its local list of user and group accounts, which could allow a local attacker to temporarily issue SMB/CIFS protocol operations as the root user. An attacker could exploit this vulnerability to gain root privileges on the system.

How to remove this vulnerability

Apply the patch for this vulnerability or upgrade to the latest version of Samba (3.0.25 or later), available from the Samba Web site. See References.

For Hewlett-Packard (Samba):
Refer to HPSBTU02218 SSRT071424 for patch, upgrade, or suggested workaround information. See References.

For Hewlett-Packard (Samba):
Refer to HPSBUX02218 SSRT071424 for patch, upgrade, or suggested workaround information. See References.

For Debian GNU/Linux (samba):
Refer to DSA-1291-1 for patch, upgrade, or suggested workaround information. See References.

For Ubuntu Linux (samba):
Refer to USN-460-1 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux (samba):
Refer to MDKSA-2007:104 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (samba):
Refer to GLSA 200705-15 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux (samba):
Refer to MDKSA-2007:104-1 for patch, upgrade, or suggested workaround information. See References.

For Solaris (samba):
Refer to Sun Alert ID: 102964 for patch, upgrade, or suggested workaround information. See References.

For Tru64 UNIX:
Refer to BugTraq Mailing List, Tue Jul 10 2007 - 07:53:45 CDT for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References

BugTraq Mailing List, Sun May 13 2007 - 17:48:28 CDT
[SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation
http://archives.neohapsis.com/archives/bugtraq/2007-05/0202.html

Samba Web site
Samba - Security Updates and Information
http://www.samba.org/samba/history/security.html

DSA-1291-1
samba -- several vulnerabilities
http://www.us.debian.org/security/2007/dsa-1291

USN-460-1
samba vulnerabilities
http://www.ubuntu.com/usn/usn-460-1

MDKSA-2007:104
Updated samba packages fix multiple vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104

GLSA 200705-15
Samba: Multiple vulnerabilities
http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml

MDKSA-2007:104-1
Updated samba packages fix multiple vulnerabilities
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104-1

Sun Alert ID: 102964
Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, or Remote Shell Command Execution
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1

HPSBTU02218 SSRT071424
HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980

HPSBUX02218 SSRT071424
HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768

BugTraq Mailing List, Tue Jul 10 2007 - 07:53:45 CDT
[security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation
http://archives.neohapsis.com/archives/bugtraq/2007-07/0070.html

OpenPKG-SA-2007.012
samba
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html

ISS X-Force
Samba SID name translation privilege escalation
http://www.iss.net/security_center/static/34315.php

CVE
CVE-2007-2444
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444