-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2007-35
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date: 19 Jul 2007
 Last revised: 19 Jul 2007

 Package: samba

 Summary: Two vulnerabilities discovered in samba

 More information:
   Samba is an Open Source/Free Software suite that provides seamless
   file and print services to SMB/CIFS clients. Samba is freely available,
   unlike other SMB/CIFS implementations, and allows for interoperability
   between Linux/Unix servers and Windows-based clients.

   Multiple heap-based buffer overflows exist in the NDR parsing.
   Remote attackers can execute commands via shell metacharacters.

 Impact:
   This vulnerability may allow remote attackers to execute arbitrary code.

 Affected Products:
   - Turbolinux Appliance Server 2.0
   - Turbolinux FUJI
   - Turbolinux 10 Server x64 Edition
   - Turbolinux Appliance Server 1.0 Hosting Edition
   - Turbolinux Appliance Server 1.0 Workgroup Edition
   - Turbolinux 10 Server
   - Turbolinux Home
   - Turbolinux 10 F...
   - Turbolinux 10 Desktop
   - Turbolinux Multimedia
   - Turbolinux Personal
   - Turbolinux 8 Server


 Source Packages
 Size: MD5

   samba-3.0.6-21.src.rpm
     15055666 9a8c675022e89968f7c21b3cf1ff3a14

 Binary Packages
 Size: MD5

   samba-3.0.6-21.i586.rpm
     24916711 e599de418c02c6386d670b629980581a
   samba-devel-3.0.6-21.i586.rpm
     753580 66b30f142178dc77b9b28f21e45cb2d4
   smbfs-3.0.6-21.i586.rpm
     246719 b07ca1637aa60abc201b95c1c52cee45


 Source Packages
 Size: MD5

   samba-3.0.20a-10.src.rpm
     17204971 0acf514906fe6a9708ca3a6ea25303e9

 Binary Packages
 Size: MD5

   samba-3.0.20a-10.i686.rpm
     31613822 a00b5734ab277d6a099bdba870c054fd
   samba-devel-3.0.20a-10.i686.rpm
     1170628 65e57742d3527975b8b714dc5f14b0c7
   samba-python-3.0.20a-10.i686.rpm
     5128470 aee4d5e3f45379130fda3e4f6c4592af
   smbfs-3.0.20a-10.i686.rpm
     371132 afc4edf12de80c07dece580548fc392b


 Source Packages
 Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/samba-3.0.6-21.src.rpm
     15055666 7168f37c6895aec20821c3abc34e1555

 Binary Packages
 Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/samba-3.0.6-21.x86_64.rpm
     26705720 1b84511cc4ef34fad90a786ef723e2f6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/samba-debug-3.0.6-21.x86_64.rpm
     3007718 c720fb9421a84e77550ae8eaed4777fe
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/samba-devel-3.0.6-21.x86_64.rpm
     793395 976fc0248842517c30908f38bdce21f3
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/samba-python-3.0.6-21.x86_64.rpm
     4770892 9974ba4556e11ea806746393a1c9fffc
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/smbfs-3.0.6-21.x86_64.rpm
     302972 9c9d0c5d958451d81eaf059f547286a6


 Source Packages
 Size: MD5

   samba-2.2.7a-16jaJP.src.rpm
     7219932 47d7b2b8d4f0bd6a2e4a52952fdfdce7

 Binary Packages
 Size: MD5

   samba-2.2.7a-16jaJP.i586.rpm
     11187893 c4f91dc0b150e476492121616a5b58d4
   samba-devel-2.2.7a-16jaJP.i586.rpm
     501849 06be8181d3edf2bff9bfde8d782565ba
   smbfs-2.2.7a-16jaJP.i586.rpm
     632067 7205f4fb2b0603e2134f2a530fbed598


 Source Packages
 Size: MD5

   samba-2.2.7a-16jaJP.src.rpm
     7219932 688f18b4cd5d5a5eda0fcadd1b78cec5

 Binary Packages
 Size: MD5

   samba-2.2.7a-16jaJP.i586.rpm
     11194428 ffd72dae44895e00d1816bc0cbece4e1
   samba-devel-2.2.7a-16jaJP.i586.rpm
     502621 62db681aa145cb153f69216af9420e87
   smbfs-2.2.7a-16jaJP.i586.rpm
     629481 fc7eba92d29d42c0c3510c35c72131fc


 Source Packages
 Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/samba-3.0.6-21.src.rpm
     15055666 9a8c675022e89968f7c21b3cf1ff3a14

 Binary Packages
 Size: MD5

   samba-3.0.6-21.i586.rpm
     24916711 e599de418c02c6386d670b629980581a
   samba-debug-3.0.6-21.i586.rpm
     2918211 ca9d6be9917148137de35a6ba962e858
   samba-devel-3.0.6-21.i586.rpm
     753580 66b30f142178dc77b9b28f21e45cb2d4
   samba-python-3.0.6-21.i586.rpm
     4048073 d55edc9e39d270603089541e4ea2af5e
   smbfs-3.0.6-21.i586.rpm
     246719 b07ca1637aa60abc201b95c1c52cee45


 Source Packages
 Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/samba-2.2.7a-16jaJP.src.rpm
     7219932 769790c9f7f978680b5f54834c878c26

 Binary Packages
 Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-2.2.7a-16jaJP.i586.rpm
     11181445 c11ceb20eea25e78e3c981be65a0b82a
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-devel-2.2.7a-16jaJP.i586.rpm
     515286 ccb4ce321b7634757c8c6509e1486ec6
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/smbfs-2.2.7a-16jaJP.i586.rpm
     643985 cdda404e4827ff3ea1fe9db27ac2515d


 Source Packages
 Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/samba-2.2.7a-16jaJP.src.rpm
     7219932 cec38f4d15352b8dfa1fedc703efd495

 Binary Packages
 Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-2.2.7a-16jaJP.i586.rpm
     11194644 e9f79b1a4b651040c2dc1b24902ed882
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/samba-devel-2.2.7a-16jaJP.i586.rpm
     502342 188967d7f50ae47e29a8475510e440cb
   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/smbfs-2.2.7a-16jaJP.i586.rpm
     629386 bb4e1ab127f064b443fc87318f697b1d


 References:

 CVE
   [CVE-2007-2446]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
   [CVE-2007-2447]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447

--------------------------------------------------------------------------
 Revision History
    19 Jul 2007 Initial release
--------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGnzJaK0LzjOqIJMwRAsGvAJ0RgEohtB/eOhG5EAk6N1rG83vbYgCgpnLd
rW390JPEeoFKFAHRUiEI6JI=
=MuyO
-----END PGP SIGNATURE-----