--- /dev/null
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<title>Samba - Security Announcement Archive</title>
+</head>
+
+<body>
+
+ <H2>CVE-2007-6015 - Remote Code Execution in Samba's nmbd (send_mailslot())</H2>
+
+<p>
+<pre>
+==========================================================
+==
+== Subject: Boundary failure in GETDC mailslot
+== processing can result in a buffer overrun
+==
+== CVE ID#: CVE-2007-6015
+==
+== Versions: Samba 3.0.0 - 3.0.27a (inclusive)
+==
+== Summary: Specifically crafted GETDC mailslot requests
+== can trigger a boundary error in the domain
+== controller GETDC mail slot support which
+== can be remotely exploited to execute arbitrary
+== code.
+==
+==========================================================
+
+===========
+Description
+===========
+
+Secunia Research reported a vulnerability that allows for
+the execution of arbitrary code in nmbd. This defect is
+only be exploited when the "domain logons" parameter has
+been enabled in smb.conf.
+
+
+==================
+Patch Availability
+==================
+
+A patch addressing this defect has been posted to
+
+ http://www.samba.org/samba/security/
+
+Additionally, Samba 3.0.28 has been issued as a security
+release to correct the defect.
+
+
+==========
+Workaround
+==========
+
+Samba administrators may avoid this security issue by disabling
+both the "domain logons" options in the server's smb.conf file.
+Note that this will disable all domain controller features as
+well.
+
+
+=======
+Credits
+=======
+
+This vulnerability was reported to Samba developers by
+Alin Rad Pop, Secunia Research.
+
+The time line is as follows:
+
+* Nov 22, 2007: Initial report to security@samba.org.
+* Nov 22, 2007: First response from Samba developers confirming
+ the bug along with a proposed patch.
+* Dec 10, 2007: Public security advisory made available.
+
+
+==========================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==========================================================
+</pre>
+</body>
+</html>