7.5

CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.0.6
SambaSamba Version3.0.7
SambaSamba Version3.0.8
SambaSamba Version3.0.9
SambaSamba Version3.0.10
SambaSamba Version3.0.11
SambaSamba Version3.0.12
SambaSamba Version3.0.13
SambaSamba Version3.0.14
SambaSamba Version3.0.14a
SambaSamba Version3.0.20
SambaSamba Version3.0.20a
SambaSamba Version3.0.20b
SambaSamba Version3.0.21
SambaSamba Version3.0.21a
SambaSamba Version3.0.21b
SambaSamba Version3.0.21c
SambaSamba Version3.0.22
SambaSamba Version3.0.23d
DebianDebian Linux Version3.0
DebianDebian Linux Version3.0 Editionalpha
DebianDebian Linux Version3.0 Editionarm
DebianDebian Linux Version3.0 Editionhppa
DebianDebian Linux Version3.0 Editionia-32
DebianDebian Linux Version3.0 Editionia-64
DebianDebian Linux Version3.0 Editionm68k
DebianDebian Linux Version3.0 Editionmips
DebianDebian Linux Version3.0 Editionmipsel
DebianDebian Linux Version3.0 Editionppc
DebianDebian Linux Version3.0 Editions-390
DebianDebian Linux Version3.0 Editionsparc
DebianDebian Linux Version3.1
DebianDebian Linux Version3.1 Editionalpha
DebianDebian Linux Version3.1 Editionamd64
DebianDebian Linux Version3.1 Editionarm
DebianDebian Linux Version3.1 Editionhppa
DebianDebian Linux Version3.1 Editionia-32
DebianDebian Linux Version3.1 Editionia-64
DebianDebian Linux Version3.1 Editionm68k
DebianDebian Linux Version3.1 Editionmips
DebianDebian Linux Version3.1 Editionmipsel
DebianDebian Linux Version3.1 Editionppc
DebianDebian Linux Version3.1 Editions-390
DebianDebian Linux Version3.1 Editionsparc
MandrakesoftMandrake Linux Version2006
MandrakesoftMandrake Linux Version2006 Editionx86_64
MandrakesoftMandrake Linux Corporate Server Version3.0 Editionx86_64
MandrakesoftMandrake Linux Corporate Server Version4.0 Editionx86_64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.41% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://secunia.com/advisories/24151
Vendor Advisory
http://www.trustix.org/errata/2007/0007
http://secunia.com/advisories/24021
Vendor Advisory
http://secunia.com/advisories/24046
Vendor Advisory
http://secunia.com/advisories/24060
Vendor Advisory
http://secunia.com/advisories/24067
Vendor Advisory
http://secunia.com/advisories/24101
Vendor Advisory
http://secunia.com/advisories/24145
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
http://www.debian.org/security/2007/dsa-1257
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
http://www.securityfocus.com/archive/1/459365/100/0/threaded
http://www.ubuntu.com/usn/usn-419-1
http://www.vupen.com/english/advisories/2007/0483
Vendor Advisory
https://issues.rpath.com/browse/RPL-1005
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
http://osvdb.org/33101
http://securitytracker.com/id?1017588
http://us1.samba.org/samba/security/CVE-2007-0454.html
http://www.kb.cert.org/vuls/id/649732
US Government Resource
http://www.securityfocus.com/archive/1/459179/100/0/threaded
http://www.securityfocus.com/bid/22403
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/32304