7.2

CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.0.23d
SambaSamba Version3.0.24
SambaSamba Version3.0.25 Updatepre2
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.512
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
Broken Link
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
Third Party Advisory
http://secunia.com/advisories/25255
Third Party Advisory
http://www.trustix.org/errata/2007/0017/
Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
Broken Link
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
Third Party Advisory
Mailing List
http://osvdb.org/34698
Broken Link
http://secunia.com/advisories/25232
Third Party Advisory
http://secunia.com/advisories/25241
Third Party Advisory
http://secunia.com/advisories/25246
Third Party Advisory
http://secunia.com/advisories/25251
Third Party Advisory
http://secunia.com/advisories/25256
Third Party Advisory
http://secunia.com/advisories/25259
Third Party Advisory
http://secunia.com/advisories/25270
Third Party Advisory
http://secunia.com/advisories/25289
Third Party Advisory
http://secunia.com/advisories/25675
Third Party Advisory
http://secunia.com/advisories/25772
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-15.xml
Third Party Advisory
http://securityreason.com/securityalert/2701
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
Third Party Advisory
Mailing List
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
Broken Link
http://www.debian.org/security/2007/dsa-1291
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Broken Link
http://www.samba.org/samba/security/CVE-2007-2444.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/468548/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/468670/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/23974
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018049
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-460-1
Third Party Advisory
http://www.ubuntu.com/usn/usn-460-2
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1805
Permissions Required
http://www.vupen.com/english/advisories/2007/2210
Permissions Required
http://www.vupen.com/english/advisories/2007/2281
Permissions Required
https://issues.rpath.com/browse/RPL-1366
Broken Link