Debian Security Advisory
DSA-2812-1 samba -- several vulnerabilities
- Date Reported:
- 09 Dec 2013
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-4408, CVE-2013-4475.
- More information:
Two security issues were found in Samba, a SMB/CIFS file, print, and login server:
It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code.
Hemanth Thummala discovered that ACLs were not checked when opening files with alternate data streams. This issue is only exploitable if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are used.
For the oldstable distribution (squeeze), these problems have been fixed in version 3.5.6~dfsg-3squeeze11.
For the stable distribution (wheezy), these problems have been fixed in version 3.6.6-6+deb7u2.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your samba packages.