[Samba] samba problem: Multiple Heap Overflows Allow Remote Code Execution - Samba


Thread: [Samba] samba problem: Multiple Heap Overflows Allow Remote Code Execution

  1. [Samba] samba problem: Multiple Heap Overflows Allow Remote Code Execution

    Dear Jeremy: We use samba 2.2.12 as our samba server, and it worked perfectly before, but there is now one security problem found in samba 3.0, so we worry about our samba server. For some reason we can't update to samba 3.0.25, so can you tell us whether the problem exists in samba 2.2.12, or how I can test our samba server with some software tools? Thanks, Jack
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] samba problem: Multiple Heap Overflows Allow Remote Code Execution

    liujack,

    > Dear Jeremy: We use samba 2.2.12 as our
    > samba server, and it worked perfectly before,
    > but there is now one security problem found in
    > samba 3.0, so we worry about our samba server.
    > For some reason we can't update to samba 3.0.25,
    > so can you tell us whether the problem exists
    > in samba 2.2.12, or how I can test our samba server
    > with some software tools? Thanks, Jack


    For the record:

    CVE-2007-2447 was present in some form in the 2.2.x branch.
    CVE-2007-2444 does not apply to 3.0.23c or earlier releases.
    CVE-2007-2446 probably applies in some fashion to 2.2.x

    But Samba 2.2 was declared EOL in Oct of 2004. Your only
    option is to backport the patches yourself or contact a vendor
    for paid support and have them do it.

    cheers, jerry


  3. Re: [Samba] samba problem: Multiple Heap Overflows Allow Remote Code Execution

    On Fri, Jun 01, 2007 at 03:54:05PM +0800, liujack wrote:
    > Dear Jeremy: We use samba 2.2.12 as our samba
    > server, and it worked perfectly before, but there
    > is now one security problem found in samba 3.0, so we
    > worry about our samba server. For some reason we can't
    > update to samba 3.0.25, so can you tell us whether the
    > problem exists in samba 2.2.12, or how I can test
    > our samba server with some software tools? Thanks,


    Sorry, Samba 2.2 has been declared end of life for ages now.
    What are your reasons that you can not upgrade?

    Volker


