CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.6%
Added: 12/24/2007
CVE: CVE-2007-2446
BID: 24195
OSVDB: 34699
Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems.
A vulnerability in the LSA RPC interface allows a remote attacker to execute arbitrary commands by sending a specially crafted **LsarLookupSids/LsarLookupSids2**
request, which causes a buffer overflow in the **lsa_io_trans_names**
function.
Upgrade to Samba 3.0.25 or higher, apply the patch for Samba 3.0.24, or apply the patch for Solaris.
<http://www.zerodayinitiative.com/advisories/ZDI-07-033.html>
<http://us1.samba.org/samba/security/CVE-2007-2446.html>
Exploit works on Samba 3.0.24 on Sun SPARC Solaris 9 and Samba 3.0.22 on SuSE Linux Enterprise Server 10.
Since the exploit uses a brute force method, extra time may be required before the exploit succeeds.
The Crypt::DES, Digest::MD4, and Digest::MD5 packages are required for this exploit. These packages are available from <http://cpan.org/modules/by-module/>.
SunOS / Solaris
Linux