Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Paul Griffith and Andrew Hogue discovered that Samba did not fully
drop root privileges while translating SIDs. A remote authenticated
user could issue SMB operations during a small window of opportunity
and gain root privileges. (CVE-2007-2444)
Brian Schafer discovered that Samba did not handle NDR parsing
correctly. A remote attacker could send specially crafted MS-RPC
requests that could overwrite heap memory and execute arbitrary code.
It was discovered that Samba did not correctly escape input parameters
for external scripts defined in smb.conf. Remote authenticated users
could send specially crafted MS-RPC requests and execute arbitrary
shell commands. (CVE-2007-2447).
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true