Lucene search

[email protected]CVE-2007-2446

HistoryMay 14, 2007 - 9:19 p.m.

CVE-2007-2446

2007-05-1421:19:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2007

2446

heap-based

buffer overflows

samba

remote

arbitrary code

ndr parsing

ms-rpc requests

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.5%

JSON

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

Affected configurations

NVD

Node

sambasambaMatch3.0.0

sambasambaMatch3.0.1

sambasambaMatch3.0.2

sambasambaMatch3.0.2a

sambasambaMatch3.0.10

sambasambaMatch3.0.11

sambasambaMatch3.0.12

sambasambaMatch3.0.13

sambasambaMatch3.0.14

sambasambaMatch3.0.14a

sambasambaMatch3.0.15

sambasambaMatch3.0.16

sambasambaMatch3.0.17

sambasambaMatch3.0.18

sambasambaMatch3.0.19

sambasambaMatch3.0.20

sambasambaMatch3.0.20a

sambasambaMatch3.0.20b

sambasambaMatch3.0.21

sambasambaMatch3.0.21a

sambasambaMatch3.0.21b

sambasambaMatch3.0.21c

sambasambaMatch3.0.22

sambasambaMatch3.0.23

sambasambaMatch3.0.23a

sambasambaMatch3.0.23b

sambasambaMatch3.0.23c

sambasambaMatch3.0.23d

sambasambaMatch3.0.24

sambasambaMatch3.0.25pre1

sambasambaMatch3.0.25pre2

sambasambaMatch3.0.25rc1

sambasambaMatch3.0.25rc2

sambasambaMatch3.0.25rc3

CPENameOperatorVersion
samba:sambasambaeq3.0.0
samba:sambasambaeq3.0.1
samba:sambasambaeq3.0.2
samba:sambasambaeq3.0.2a
samba:sambasambaeq3.0.10
samba:sambasambaeq3.0.11
samba:sambasambaeq3.0.12
samba:sambasambaeq3.0.13
samba:sambasambaeq3.0.14
samba:sambasambaeq3.0.14a

CPE	Name	Operator	Version
samba:samba	samba	eq	3.0.0
samba:samba	samba	eq	3.0.1
samba:samba	samba	eq	3.0.2
samba:samba	samba	eq	3.0.2a
samba:samba	samba	eq	3.0.10
samba:samba	samba	eq	3.0.11
samba:samba	samba	eq	3.0.12
samba:samba	samba	eq	3.0.13
samba:samba	samba	eq	3.0.14
samba:samba	samba	eq	3.0.14a

Rows per page:

1-10 of 301

References

docs.info.apple.com/article.html?artnum=306172

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980

lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

lists.suse.com/archive/suse-security-announce/2007-May/0006.html

osvdb.org/34699

osvdb.org/34731

osvdb.org/34733

secunia.com/advisories/25232

secunia.com/advisories/25241

secunia.com/advisories/25246

secunia.com/advisories/25251

secunia.com/advisories/25255

secunia.com/advisories/25256

secunia.com/advisories/25257

secunia.com/advisories/25259

secunia.com/advisories/25270

secunia.com/advisories/25289

secunia.com/advisories/25391/

secunia.com/advisories/25567

secunia.com/advisories/25675

secunia.com/advisories/25772

secunia.com/advisories/26235

secunia.com/advisories/26909

secunia.com/advisories/27706

secunia.com/advisories/28292

security.gentoo.org/glsa/glsa-200705-15.xml

securityreason.com/securityalert/2702

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906

sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1

www.debian.org/security/2007/dsa-1291

www.kb.cert.org/vuls/id/773720

www.mandriva.com/security/advisories?name=MDKSA-2007:104

www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html

www.osvdb.org/34732

www.redhat.com/support/errata/RHSA-2007-0354.html

www.samba.org/samba/security/CVE-2007-2446.html

www.securityfocus.com/archive/1/468542/100/0/threaded

www.securityfocus.com/archive/1/468670/100/0/threaded

www.securityfocus.com/archive/1/468672/100/0/threaded

www.securityfocus.com/archive/1/468673/100/0/threaded

www.securityfocus.com/archive/1/468674/100/0/threaded

www.securityfocus.com/archive/1/468675/100/0/threaded

www.securityfocus.com/archive/1/468680/100/0/threaded

www.securityfocus.com/bid/23973

www.securityfocus.com/bid/24195

www.securityfocus.com/bid/24196

www.securityfocus.com/bid/24197

www.securityfocus.com/bid/24198

www.securityfocus.com/bid/25159

www.securitytracker.com/id?1018050

www.trustix.org/errata/2007/0017/

www.ubuntu.com/usn/usn-460-1

www.vupen.com/english/advisories/2007/1805

www.vupen.com/english/advisories/2007/2079

www.vupen.com/english/advisories/2007/2210

www.vupen.com/english/advisories/2007/2281

www.vupen.com/english/advisories/2007/2732

www.vupen.com/english/advisories/2007/3229

www.vupen.com/english/advisories/2008/0050

www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

www.zerodayinitiative.com/advisories/ZDI-07-029.html

www.zerodayinitiative.com/advisories/ZDI-07-030.html

www.zerodayinitiative.com/advisories/ZDI-07-031.html

www.zerodayinitiative.com/advisories/ZDI-07-032.html

www.zerodayinitiative.com/advisories/ZDI-07-033.html

exchange.xforce.ibmcloud.com/vulnerabilities/34309

exchange.xforce.ibmcloud.com/vulnerabilities/34311

exchange.xforce.ibmcloud.com/vulnerabilities/34312

exchange.xforce.ibmcloud.com/vulnerabilities/34314

exchange.xforce.ibmcloud.com/vulnerabilities/34316

issues.rpath.com/browse/RPL-1366

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11415

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.963 High

EPSS

Percentile

99.5%

JSON

CVE-2007-2446

Affected configurations

References

Related