FYI...

- http://isc.sans.org/diary.html?storyid=2804
Last Updated: 2007-05-14 19:12:24 UTC ~ "The Samba project has just released version 3.0.25* of their SMB/CIFS server software. As this is widely used to serve printer and filesystem access from Unix servers to networks with Windows clients, we suggest reviewing whether you may need to upgrade.
http://samba.org/samba/security/CVE-2007-2446.html is a remote code execution vulnerability through multiple heap overflows. It applies to versions 3.0.0 through 3.0.25rc3.
http://samba.org/samba/security/CVE-2007-2444.html can allow a user to temporary privilege escalation to the root user. It applies to versions 3.0.23d through 3.0.25pre2.
http://samba.org/samba/security/CVE-2007-2447.html allows for remote code execution through unescaped input parameters to /bin/sh. A workaround consists of removing all external script invocations from the SMB configuration file. It applies to versions 3.0.0 through 3.0.25rc3."

* http://news.samba.org/releases/samba_3_0_25_release/


.

This post has been edited by AplusWebMaster: Jun 7 2008, 03:51 AM

FYI...

- http://atlas.arbor.net/briefs/index#-1748729041
Severity: High Severity
Published: Thursday, May 29, 2008

- http://secunia.com/advisories/30228/
Last Update: 2008-05-29
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Samba 2.x, Samba 3.x
...The vulnerability is confirmed in versions 3.0.28a and 3.0.29. Prior versions may also be affected.
Solution: Update to version 3.0.30 or apply patch.
http://us5.samba.org/samba/ftp/patches/sec...2008-1105.patch
Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-20/
Samba:
http://www.samba.org/samba/security/CVE-2008-1105.html

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1105