Upstream information

CVE-2007-2446 at MITRE

Description

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 10
Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 273613 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • cifs-mount >= 3.4.3-1.17.2
  • ldapsmb >= 1.34b-11.17.2
  • libsmbclient0 >= 3.4.3-1.17.2
  • libsmbclient0-32bit >= 3.4.3-1.17.2
  • libsmbclient0-x86 >= 3.4.3-1.17.2
  • libtalloc1 >= 3.4.3-1.17.2
  • libtalloc1-32bit >= 3.4.3-1.17.2
  • libtalloc1-x86 >= 3.4.3-1.17.2
  • libtdb1 >= 3.4.3-1.17.2
  • libtdb1-32bit >= 3.4.3-1.17.2
  • libtdb1-x86 >= 3.4.3-1.17.2
  • libwbclient0 >= 3.4.3-1.17.2
  • libwbclient0-32bit >= 3.4.3-1.17.2
  • libwbclient0-x86 >= 3.4.3-1.17.2
  • samba >= 3.4.3-1.17.2
  • samba-32bit >= 3.4.3-1.17.2
  • samba-client >= 3.4.3-1.17.2
  • samba-client-32bit >= 3.4.3-1.17.2
  • samba-client-x86 >= 3.4.3-1.17.2
  • samba-krb-printing >= 3.4.3-1.17.2
  • samba-winbind >= 3.4.3-1.17.2
  • samba-winbind-32bit >= 3.4.3-1.17.2
  • samba-winbind-x86 >= 3.4.3-1.17.2
  • samba-x86 >= 3.4.3-1.17.2
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA cifs-mount
SUSE Linux Enterprise Server 11 SP2
  • cifs-utils >= 5.1-0.4.9
  • ldapsmb >= 1.34b-12.18.3
  • libldb1 >= 3.6.3-0.18.3
  • libsmbclient0 >= 3.6.3-0.18.3
  • libsmbclient0-32bit >= 3.6.3-0.18.3
  • libsmbclient0-x86 >= 3.6.3-0.18.3
  • libtalloc2 >= 3.6.3-0.18.3
  • libtalloc2-32bit >= 3.6.3-0.18.3
  • libtalloc2-x86 >= 3.6.3-0.18.3
  • libtdb1 >= 3.6.3-0.18.3
  • libtdb1-32bit >= 3.6.3-0.18.3
  • libtdb1-x86 >= 3.6.3-0.18.3
  • libtevent0 >= 3.6.3-0.18.3
  • libwbclient0 >= 3.6.3-0.18.3
  • libwbclient0-32bit >= 3.6.3-0.18.3
  • libwbclient0-x86 >= 3.6.3-0.18.3
  • samba >= 3.6.3-0.18.3
  • samba-32bit >= 3.6.3-0.18.3
  • samba-client >= 3.6.3-0.18.3
  • samba-client-32bit >= 3.6.3-0.18.3
  • samba-client-x86 >= 3.6.3-0.18.3
  • samba-krb-printing >= 3.6.3-0.18.3
  • samba-winbind >= 3.6.3-0.18.3
  • samba-winbind-32bit >= 3.6.3-0.18.3
  • samba-winbind-x86 >= 3.6.3-0.18.3
  • samba-x86 >= 3.6.3-0.18.3
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA cifs-utils
SUSE Linux Enterprise Server 11 SP2 GA ldapsmb
SUSE Linux Enterprise Server 11 SP3
  • cifs-utils >= 5.1-0.11.1
  • ldapsmb >= 1.34b-12.39.1
  • libldb1 >= 3.6.3-0.39.1
  • libsmbclient0 >= 3.6.3-0.39.1
  • libsmbclient0-32bit >= 3.6.3-0.39.1
  • libsmbclient0-x86 >= 3.6.3-0.39.1
  • libtalloc2 >= 3.6.3-0.39.1
  • libtalloc2-32bit >= 3.6.3-0.39.1
  • libtalloc2-x86 >= 3.6.3-0.39.1
  • libtdb1 >= 3.6.3-0.39.1
  • libtdb1-32bit >= 3.6.3-0.39.1
  • libtdb1-x86 >= 3.6.3-0.39.1
  • libtevent0 >= 3.6.3-0.39.1
  • libwbclient0 >= 3.6.3-0.39.1
  • libwbclient0-32bit >= 3.6.3-0.39.1
  • libwbclient0-x86 >= 3.6.3-0.39.1
  • samba >= 3.6.3-0.39.1
  • samba-32bit >= 3.6.3-0.39.1
  • samba-client >= 3.6.3-0.39.1
  • samba-client-32bit >= 3.6.3-0.39.1
  • samba-client-x86 >= 3.6.3-0.39.1
  • samba-krb-printing >= 3.6.3-0.39.1
  • samba-winbind >= 3.6.3-0.39.1
  • samba-winbind-32bit >= 3.6.3-0.39.1
  • samba-winbind-x86 >= 3.6.3-0.39.1
  • samba-x86 >= 3.6.3-0.39.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA cifs-utils
SUSE Linux Enterprise Server 11 SP3 GA ldapsmb
SUSE Linux Enterprise Server 11 SP4
  • cifs-utils >= 5.1-0.14.46
  • ldapsmb >= 1.34b-12.58.1
  • libldb1 >= 3.6.3-0.58.1
  • libsmbclient0 >= 3.6.3-0.58.1
  • libsmbclient0-32bit >= 3.6.3-0.58.1
  • libsmbclient0-x86 >= 3.6.3-0.58.1
  • libtalloc2 >= 3.6.3-0.58.1
  • libtalloc2-32bit >= 3.6.3-0.58.1
  • libtalloc2-x86 >= 3.6.3-0.58.1
  • libtdb1 >= 3.6.3-0.58.1
  • libtdb1-32bit >= 3.6.3-0.58.1
  • libtdb1-x86 >= 3.6.3-0.58.1
  • libtevent0 >= 3.6.3-0.58.1
  • libtevent0-32bit >= 3.6.3-0.58.1
  • libtevent0-x86 >= 3.6.3-0.39.1
  • libwbclient0 >= 3.6.3-0.58.1
  • libwbclient0-32bit >= 3.6.3-0.58.1
  • libwbclient0-x86 >= 3.6.3-0.58.1
  • samba >= 3.6.3-0.58.1
  • samba-32bit >= 3.6.3-0.58.1
  • samba-client >= 3.6.3-0.58.1
  • samba-client-32bit >= 3.6.3-0.58.1
  • samba-client-x86 >= 3.6.3-0.58.1
  • samba-krb-printing >= 3.6.3-0.58.1
  • samba-winbind >= 3.6.3-0.58.1
  • samba-winbind-32bit >= 3.6.3-0.58.1
  • samba-winbind-x86 >= 3.6.3-0.58.1
  • samba-x86 >= 3.6.3-0.58.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA cifs-utils
SUSE Linux Enterprise Server 11 SP4 GA ldapsmb
SUSE Linux Enterprise Server 11 SP4 GA libtevent0-x86
SUSE Linux Enterprise Software Development Kit 11 SP4
  • libldb-devel >= 3.6.3-0.58.1
  • libnetapi-devel >= 3.6.3-0.58.1
  • libnetapi0 >= 3.6.3-0.58.1
  • libsmbclient-devel >= 3.6.3-0.58.1
  • libsmbsharemodes-devel >= 3.6.3-0.58.1
  • libsmbsharemodes0 >= 3.6.3-0.58.1
  • libtalloc-devel >= 3.6.3-0.58.1
  • libtdb-devel >= 3.6.3-0.58.1
  • libtevent-devel >= 3.6.3-0.58.1
  • libwbclient-devel >= 3.6.3-0.58.1
  • samba-devel >= 3.6.3-0.58.1
  • samba-test >= 3.6.3-0.58.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA libldb-devel
SUSE LINUX 10.1
  • samba >= 3.0.22-13.30
  • samba-32bit >= 3.0.22-13.30
  • samba-64bit >= 3.0.22-13.30
  • samba-client >= 3.0.22-13.30
  • samba-client-32bit >= 3.0.22-13.30
  • samba-client-64bit >= 3.0.22-13.30
  • samba-winbind >= 3.0.22-13.30
  • samba-winbind-32bit >= 3.0.22-13.30
  • samba-winbind-64bit >= 3.0.22-13.30
SUSE LINUX Retail Solution 8
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • samba >= 2.2.8a-241
  • samba-client >= 2.2.8a-241
  • samba-vscan >= 0.3.2a-293
slrs8.x86
SUSE LINUX 10.0
  • cifs-mount >= 3.0.20b-3.10
  • ldapsmb >= 1.33-6.10
  • libsmbclient >= 3.0.20b-3.10
  • libsmbclient-32bit >= 3.0.20b-3.10
  • libsmbclient-64bit >= 3.0.20b-3.10
  • libsmbclient-devel >= 3.0.20b-3.10
  • samba >= 3.0.20b-3.10
  • samba-client >= 3.0.20b-3.10
  • samba-pdb >= 3.0.20b-3.10
  • samba-python >= 3.0.20b-3.10
  • samba-vscan >= 0.3.6b-4.9
  • samba-winbind >= 3.0.20b-3.10
SuSE Linux Desktop 1.0
  • samba >= 2.2.8a-241
  • samba-client >= 2.2.8a-241
ul1.s390
ul1.x86-64
YOU Patch Nr: 11520
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for IPF
UnitedLinux 1.0
  • samba >= 2.2.8a-241
  • samba-client >= 2.2.8a-241
  • samba-vscan >= 0.3.2a-293
ul1.s390
ul1.x86-64
YOU Patch Nr: 11520
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • libsmbclient >= 3.0.20b-3.17
  • libsmbclient-devel >= 3.0.20b-3.17
  • samba >= 3.0.20b-3.17
  • samba-client >= 3.0.20b-3.17
  • samba-doc >= 3.0.20b-3.17
  • samba-pdb >= 3.0.20b-3.17
  • samba-python >= 3.0.20b-3.17
  • samba-vscan >= 0.3.6b-0.21
  • samba-winbind >= 3.0.20b-3.17
sles9-nld.x86
core9.s390
YOU Patch Nr: 11522
Novell Linux Desktop 9 for x86_64
  • libsmbclient >= 3.0.20b-3.17
  • libsmbclient-32bit >= 9-200705181249
  • libsmbclient-devel >= 3.0.20b-3.17
  • samba >= 3.0.20b-3.17
  • samba-client >= 3.0.20b-3.17
  • samba-doc >= 3.0.20b-3.17
  • samba-pdb >= 3.0.20b-3.17
  • samba-python >= 3.0.20b-3.17
  • samba-vscan >= 0.3.6b-0.21
  • samba-winbind >= 3.0.20b-3.17
sles9-nld.x86
core9.s390
YOU Patch Nr: 11522