[Samba] patch or upgrade for vulnerability - Samba

This is a discussion on [Samba] patch or upgrade for vulnerability - Samba ; I am trying to do some research on two Samba Vulnerabilities; Samba MS-RPC Request Parsing Heap Buffer Overflows (CVE-2007-2446) and Samba Remote Command Injection Vulnerability (CVE-2007-2447). In reading the documentation for these vulnerabilities, it appears that the available patches, to ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: [Samba] patch or upgrade for vulnerability

  1. [Samba] patch or upgrade for vulnerability

    I am trying to do some research on two Samba Vulnerabilities; Samba
    MS-RPC Request Parsing Heap Buffer Overflows (CVE-2007-2446) and Samba
    Remote Command Injection Vulnerability (CVE-2007-2447). In reading the
    documentation for these vulnerabilities, it appears that the available
    patches, to fix the problems, are for version 3.0.24. I am currently
    running version 3.0.21, on Solaris 10. Does that mean that the
    vulnerability does not relate to my version? If not, is there somewhere
    that I can download the patch for version 3.0.21? If not, and the only
    way to resolve the vulnerability is to upgrade, are there upgrade
    documents somewhere? I have installation, but not upgrade
    documentation. Thanks



    Pati M

    "UNIX is user friendly. It's just picky about who it's friends with."




    This email may contain material that is confidential, privileged, and/or attorney work product for the sole use of the intended recipient. Any review, reliance, or distribution by others or forwarding without express permission is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


  2. Re: [Samba] patch or upgrade for vulnerability

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Moss, Patricia wrote:
    > I am trying to do some research on two Samba Vulnerabilities; Samba
    > MS-RPC Request Parsing Heap Buffer Overflows (CVE-2007-2446) and Samba
    > Remote Command Injection Vulnerability (CVE-2007-2447). In reading the
    > documentation for these vulnerabilities, it appears that the available
    > patches, to fix the problems, are for version 3.0.24. I am currently
    > running version 3.0.21, on Solaris 10. Does that mean that the
    > vulnerability does not relate to my version? If not, is there somewhere
    > that I can download the patch for version 3.0.21? If not, and the only
    > way to resolve the vulnerability is to upgrade, are there upgrade
    > documents somewhere? I have installation, but not upgrade
    > documentation. Thanks


    All of the security announcements indicate the versions which
    are impacted. Generally we provide patches for the current release
    (at the time) and rely upon vendors to backport to their
    versions.







    cheers, jerry
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFISA3lIR7qMdg1EfYRAl4eAJ9S+c+VEXut3VJpsFhbIg EYNZQ8WwCfazUi
    mgm5M/SYqjO2cLqP9n04U9U=
    =e2JA
    -----END PGP SIGNATURE-----
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba


+ Reply to Thread