Mandrake Linux Security Advisory : samba (MDKSA-2007:104-1)
Severity: Critical
Nessus Plugin ID: 25237
Synopsis
The remote Mandrake Linux host is missing one or more security updates.
Description
A number of bugs were discovered in the NDR parsing support in Samba that is used to decode MS-RPC requests. A remote attacker could send a carefully crafted request that would cause a heap overflow, possibly leading to the ability to execute arbitrary code on the server (CVE-2007-2446).
A remote authenticated user could trigger a flaw where unescaped user input parameters were being passed as arguments to /bin/sh (CVE-2007-2447).
Finally, on Samba 3.0.23d and higher, when Samba translated a SID to or from a name using the Samba local list of user and group accounts, a logic error in smbd's internal security stack could result in a transition to the root user ID rather than the non-root user (CVE-2007-2444).
The fix for CVE-2007-2444 broke the behaviour of force group when the forced group is a local Unix group for domain member servers.
This update corrects that regression.
Solution
Update the affected packages.