(HP Issues Fix for Tru64) Samba SID/Name Translation Bug Lets Local Users Gain Root Privileges
|
|
SecurityTracker Alert ID: 1018274 |
|
SecurityTracker URL: http://securitytracker.com/id/1018274
|
|
CVE Reference:
CVE-2007-2444
(Links to External Site)
|
Date: Jun 21 2007
|
Impact:
Root access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.0.23d - 3.0.25pre2
|
Description:
A vulnerability was reported in Samba. A local user can obtain root privileges on the target system.
The server does not properly translate SIDs to/from names when using a Samba local list of user and group accounts. A local user can issue SMB/CIFS protocol operations with root privileges. This allows the local user to obtain root privileges on the target system.
The vendor was notified on March 20, 2007.
Paul Griffith and Andrew Hogue discovered this vulnerability.
|
Impact:
A local user can obtain root privileges on the target system.
|
Solution:
HP has issued a patch, available at:
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=IX66-SAMBA-20070530
HP Internet Express for Tru64 UNIX - Samba 3.0.25
Prerequisite: HP Internet Express for Tru64 UNIX v 6.6
Name: IX66-SAMBA-20070528.tar.gz
The fix will be included in the upcoming version 6.7.
The HP advisory is available at:
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01078980
|
Vendor URL: www.samba.org/samba/security/ (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
UNIX (Tru64)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 20 Jun 2007 14:08:43 -0400
Subject: HPSBTU02218 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Eleva
|
https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c01078980
CVE-2007-2444, CVE-2007-2446, CVE-2007-2447
|
|
