Referenced CVEs:
CVE-2007-6015
Description:
=========================================================== Ubuntu Security Notice USN-556-1 December 18, 2007samba vulnerabilityCVE-2007-6015===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 6.10Ubuntu 7.04Ubuntu 7.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libsmbclient 3.0.22-1ubuntu3.6 samba 3.0.22-1ubuntu3.6Ubuntu 6.10: libsmbclient 3.0.22-1ubuntu4.5 samba 3.0.22-1ubuntu4.5Ubuntu 7.04: libsmbclient 3.0.24-2ubuntu1.5 samba 3.0.24-2ubuntu1.5Ubuntu 7.10: libsmbclient 3.0.26a-1ubuntu2.3 samba 3.0.26a-1ubuntu2.3In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Alin Rad Pop discovered that Samba did not correctly check the sizeof reply packets to mailslot requests. If a server was configuredwith domain logon enabled, an unauthenticated remote attacker could senda specially crafted domain logon packet and execute arbitrary code orcrash the Samba service. By default, domain logon is disabled in Ubuntu.
More...
