Lucene search

K

[email protected]NVD:CVE-2007-2444

HistoryMay 14, 2007 - 9:19 p.m.

CVE-2007-2444

2007-05-1421:19:00

CWE-269

[email protected]

web.nvd.nist.gov

2

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.529 Medium

EPSS

Percentile

97.6%

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Affected configurations

NVD

Node

sambasambaMatch3.0.23d

OR

sambasambaMatch3.0.24

OR

sambasambaMatch3.0.25pre2

Node

debiandebian_linuxMatch4.0

OR

debiandebian_linuxMatch5.0

Node

canonicalubuntu_linuxMatch6.06

OR

canonicalubuntu_linuxMatch6.10

OR

canonicalubuntu_linuxMatch7.04

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980

lists.suse.com/archive/suse-security-announce/2007-May/0006.html

osvdb.org/34698

secunia.com/advisories/25232

secunia.com/advisories/25241

secunia.com/advisories/25246

secunia.com/advisories/25251

secunia.com/advisories/25255

secunia.com/advisories/25256

secunia.com/advisories/25259

secunia.com/advisories/25270

secunia.com/advisories/25289

secunia.com/advisories/25675

secunia.com/advisories/25772

security.gentoo.org/glsa/glsa-200705-15.xml

securityreason.com/securityalert/2701

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906

sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1

www.debian.org/security/2007/dsa-1291

www.mandriva.com/security/advisories?name=MDKSA-2007:104

www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html

www.samba.org/samba/security/CVE-2007-2444.html

www.securityfocus.com/archive/1/468548/100/0/threaded

www.securityfocus.com/archive/1/468670/100/0/threaded

www.securityfocus.com/bid/23974

www.securitytracker.com/id?1018049

www.trustix.org/errata/2007/0017/

www.ubuntu.com/usn/usn-460-1

www.ubuntu.com/usn/usn-460-2

www.vupen.com/english/advisories/2007/1805

www.vupen.com/english/advisories/2007/2210

www.vupen.com/english/advisories/2007/2281

issues.rpath.com/browse/RPL-1366

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.529 Medium

EPSS

Percentile

97.6%

Related for NVD:CVE-2007-2444

prion1 redhatcve1 samba1 ubuntucve1 openvas48 nessus11 ubuntu2 cvelist1 debiancve1 cve1 securityvulns2 debian4 gentoo1 slackware1 fedora2 suse1 osv1 freebsd1 altlinux1