[Samba] patch or upgrade for vulnerability

Moss, Patricia pmoss at fcg.com
Thu Jun 5 14:50:55 GMT 2008

I am trying to do some research on two Samba Vulnerabilities; Samba
MS-RPC Request Parsing Heap Buffer Overflows (CVE-2007-2446) and Samba
Remote Command Injection Vulnerability (CVE-2007-2447). In reading the
documentation for these vulnerabilities, it appears that the available
patches, to fix the problems, are for version 3.0.24.  I am currently
running version 3.0.21, on Solaris 10. Does that mean that the
vulnerability does not relate to my version?  If not, is there somewhere
that I can download the patch for version 3.0.21?  If not, and the only
way to resolve the vulnerability is to upgrade, are there upgrade
documents somewhere?  I have installation, but not upgrade
documentation.  Thanks


Pati M 

"UNIX is user friendly. It's just picky about who it's friends with."


This email may contain material that is confidential, privileged, and/or attorney work product for the sole use of the intended recipient.  Any review, reliance, or distribution by others or forwarding without express permission is strictly prohibited.  If you are not the intended recipient, please contact the sender and delete all copies.

More information about the samba mailing list