Advisories:rPSA-2007-0261

From rPath Wiki

rPath Security Advisory 2007-0261-2

Published: 2007-12-10

Updated

1. 2007-12-21 version 3.0.28 released, /var/spool/samba/ added

Products

• rPath Linux 1

Rating

Severe

Exposure Level Classification

Remote Root Deterministic Unauthorized Access

Updated Versions

• samba=conary.rpath.com@rpl:1/3.0.28-0.1-1
• samba-swat=conary.rpath.com@rpl:1/3.0.28-0.1-1

rPath Issue Tracking System

• RPL-1803
• RPL-1976

References

• CVE-2007-6015

Description

Previous versions of the samba package are vulnerable to a remote

Arbitrary Code Execution attack when the "domain logons" configuration

option is enabled.

In its default configuration, rPath Linux 1 is not vulnerable to this

attack.

21 Dec 2007 Update: Version 3.0.28 has been released to address

CVE-2007-6015. Additionally, previous versions of the samba package

lack the /var/spool/samba directory, which is referred to in the

[printers] section of the smb.conf configuration file. This directory

has been added.

Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html