CVE-2007-2444
samba - several vulnerabilities
EPSS 1.1%
Description
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
How to fix CVE-2007-2444
To remediate CVE-2007-2444, upgrade the affected package to one of the fixed versions listed below.
- Debian/samba: upgrade to 3.0.25-1 or later
- Debian/samba: upgrade to 3.0.24-6etch2 or later
- Debian/samba: upgrade to 3.0.24-6+lenny3 or later
Is CVE-2007-2444 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.0.25-1
- from 0, < 3.0.24-6etch2
- from 0, < 3.0.24-6+lenny3