Ubuntu Security Notice (C) 2007-2013 Canonical, Inc. / NASL script (C) 2007-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Paul Griffith and Andrew Hogue discovered that Samba did not fully
drop root privileges while translating SIDs. A remote authenticated
user could issue SMB operations during a small window of opportunity
and gain root privileges. (CVE-2007-2444)
Brian Schafer discovered that Samba did not handle NDR parsing
correctly. A remote attacker could send specially crafted MS-RPC
requests that could overwrite heap memory and execute arbitrary code.
It was discovered that Samba did not correctly escape input parameters
for external scripts defined in smb.conf. Remote authenticated users
could send specially crafted MS-RPC requests and execute arbitrary
shell commands. (CVE-2007-2447).
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 28059 ()
CVE ID: CVE-2007-2444CVE-2007-2446CVE-2007-2447
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.