[Samba] samba problem: Multiple Heap Overflows Allow Remote Code Execution
Gerald (Jerry) Carter
jerry at samba.org
Fri Jun 1 12:08:36 GMT 2007
liujack,
> Dear Jeremy: We use samba 2.2.12 as our
> samba server, and it worked perfectly before,
> but now there is one security problem found in
> samba 3.0 now, so we worry about our samba server,
> but for some reason we can't update to samba 3.0.25,
> so can you tell us whether the problem exists
> in samba 2.2.12, or how I can test our samba server
> with some software tools? Thanks, Jack
For the record:
CVE-2007-2447 was present in some form in the 2.2.x branch.
CVE-2007-2444 does not apply to 3.0.23c or earlier releases.
CVE-2007-2446 probably applies in some fashion to 2.2.x.
But Samba 2.2 was declared EOL in Oct of 2004. Your only
option is to backport the patches yourself or contact a vendor
for paid support and have them do it.
cheers, jerry