FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2444

This CVE name corresponds to:

Entered Topic
2007-05-16 samba -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-2444
Phase Assigned (20070502)

Description

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

References

Source Reference
BUGTRAQ 20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation
BUGTRAQ 20070515 FLEA-2007-0017-1: samba
CONFIRM http://www.samba.org/samba/security/CVE-2007-2444.html
CONFIRM https://issues.rpath.com/browse/RPL-1366
DEBIAN DSA-1291
GENTOO GLSA-200705-15
HP HPSBTU02218
HP SSRT071424
MANDRIVA MDKSA-2007:104
OPENPKG OpenPKG-SA-2007.012
SLACKWARE SSA:2007-134-01
SUNALERT 102964
SUNALERT 200588
SUSE SUSE-SA:2007:031
TRUSTIX 2007-0017
UBUNTU USN-460-1
UBUNTU USN-460-2
BID 23974
OSVDB 34698
VUPEN ADV-2007-1805
VUPEN ADV-2007-2210
VUPEN ADV-2007-2281
SECTRACK 1018049
SECUNIA 25241
SECUNIA 25246
SECUNIA 25256
SECUNIA 25232
SECUNIA 25251
SECUNIA 25270
SECUNIA 25259
SECUNIA 25255
SECUNIA 25289
SECUNIA 25675
SECUNIA 25772
SREASON 2701