Multiple vulnerabilities exist within the Samba networking tool, including remote code execution due to heap overflows, privilege escalation to root, and remote code execution through poor parameter handling.

Description:

The popular open source Samba networking tool (used to provide connection to Windows SMB/CIFS networking shares) has had a critical update released which addresses a number of vulnerabilities that could lead to remote attackers gaining complete control over a vulnerable system. Because of the popularity of the software, it is considered a serious threat that has the potential to affect many end users and administrators.

Mitigation:

Update to Samba 3.0.25 at the earliest opportunity.

Updates:

http://news.samba.org/releases/samba_3_0_25_release/

Source:

http://news.samba.org/releases/samba_3_0_25_release/

Exploits:

CVE-2007-2446 CVE-2007-2444 CVE-2007-2447