Debian Security Advisory
DSA-2812-1 samba -- several vulnerabilities
- Date Reported:
- 09 Dec 2013
- Affected Packages:
- samba
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-4408, CVE-2013-4475.
- More information:
-
Two security issues were found in Samba, a SMB/CIFS file, print, and login server:
- CVE-2013-4408
It was discovered that multiple buffer overflows in the processing of DCE-RPC packets may lead to the execution of arbitrary code.
- CVE-2013-4475
Hemanth Thummala discovered that ACLs were not checked when opening files with alternate data streams. This issue is only exploitable if the VFS modules vfs_streams_depot and/or vfs_streams_xattr are used.
For the oldstable distribution (squeeze), these problems have been fixed in version 3.5.6~dfsg-3squeeze11.
For the stable distribution (wheezy), these problems have been fixed in version 3.6.6-6+deb7u2.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your samba packages.
- CVE-2013-4408