FrSIRT - Fedora Security Update Fixes Samba "nmbd" Multiple Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Samba "nmbd" Multiple Vulnerabilities

Title : Fedora Security Update Fixes Samba "nmbd" Multiple Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3952
CVE ID : CVE-2007-4572 - CVE-2007-5398
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-22

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

d7633f1b0e4b04e58328fc193b22fa9f948f618e SRPMS/samba-3.0.24-8.fc6.src.rpm
d7633f1b0e4b04e58328fc193b22fa9f948f618e noarch/samba-3.0.24-8.fc6.src.rpm
994319d9ce6e2923a69223baf7141059fe68bab1 ppc/samba-common-3.0.24-8.fc6.ppc.rpm
c219bb7c345cfc6ee4637fe789ad7a1975007bd2 ppc/samba-swat-3.0.24-8.fc6.ppc.rpm
dfeb00685109e68cbfe4e32d1fdda971e434926f ppc/samba-client-3.0.24-8.fc6.ppc.rpm
38d0f256c5690d7cd3efc395c902346a31d06689 ppc/debug/samba-debuginfo-3.0.24-8.fc6.ppc.rpm
68da1a044d8a499d63e1a5ae522ed72ac8943820 ppc/samba-3.0.24-8.fc6.ppc.rpm
5f8b992568e10a80b4d0242dfd837981c9440e20 x86_64/debug/samba-debuginfo-3.0.24-8.fc6.x86_64.rpm
20287b6f32200ddd97169a3eced8afccc0be9c14 x86_64/samba-client-3.0.24-8.fc6.x86_64.rpm
4cffe96c35832d921ade6db8eccd5b97012f7f5e x86_64/samba-swat-3.0.24-8.fc6.x86_64.rpm
9a57d1b2eee48eb7b2e4e9b8797cda4634086941 x86_64/samba-3.0.24-8.fc6.x86_64.rpm
7b5c711bbcb6b526347905bf5cbd9f74becdf6a8 x86_64/samba-common-3.0.24-8.fc6.x86_64.rpm
06cab7999a1fd8c5ef748ad1dc36b12f3f3ccbc5 i386/samba-common-3.0.24-8.fc6.i386.rpm
70bd7ffc0a96cd2f31f5488cda7d0f6b5212570a i386/samba-3.0.24-8.fc6.i386.rpm
cff297f2b4a412314336d26a3802aac365c32289 i386/debug/samba-debuginfo-3.0.24-8.fc6.i386.rpm
c969b2a6ab051c2333ad3e1ed3ae844ca1f846ed i386/samba-swat-3.0.24-8.fc6.i386.rpm
735b87dd31327a0540c5d6742c05bfe35e83fa8e i386/samba-client-3.0.24-8.fc6.i386.rpm

ChangeLog

2007-11-22 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation
	Cisco Products SNMPv3 Authentication Packets Vulnerabilities
	Cisco PIX and ASA Security Bypass and Denial of Service
	Cisco IOS Secure Shell Remote Denial of Service

	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Firefox Unspecified Remote Command Execution Vulnerability
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
	Apple Safari Code Execution and Information Disclosure Vulnerabilities
	Apple QuickTime Multiple File Handling Code Execution Vulnerabilities
	Apple Safari for Windows Remote Code Execution Vulnerability
	Apple Mac OS X Command Execution and Security Bypass Issues