Erik Parker

**Name of the Vulnerable Software and Affected Versions** Samba versions 2.2.x through 2.2.7 Samba versions 2.0.10 and earlier Samba-TNG versions prior to 0.3.2 **Description** A buffer overflow issue in the call trans2open function in trans2.c allows remote attackers to execute arbitrary code. The problem occurs when copying user-supplied data into a static buffer, which may allow an attacker to corrupt sensitive locations in memory and execute arbitrary commands with the privileges of the Samba process. Multiple vulnerabilities in Samba packages may lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For Samba versions 2.2.x through 2.2.7, update to version 2.2.8a or later. For Samba versions 2.0.10 and earlier, update to a version later than 2.0.10. For Samba-TNG versions prior to 0.3.2, update to version 0.3.2 or later. As a temporary workaround, consider restricting access to the Samba server until a patch is available.

Name of the Vulnerable Software and Affected Versions: GoAhead-Webs webserver for HP Instant TopTools versions prior to 5.55 Description: The issue allows remote attackers to cause a denial of service, specifically CPU consumption, by making a request to hpnst.exe that calls itself, resulting in an infinite loop. Recommendations: For versions prior to 5.55, consider restricting access to the hpnst.exe executable as a temporary workaround to minimize the risk of exploitation.