10

CVE-2007-2446

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.0.0
SambaSamba Version3.0.1
SambaSamba Version3.0.2
SambaSamba Version3.0.2a
SambaSamba Version3.0.10
SambaSamba Version3.0.11
SambaSamba Version3.0.12
SambaSamba Version3.0.13
SambaSamba Version3.0.14
SambaSamba Version3.0.14a
SambaSamba Version3.0.15
SambaSamba Version3.0.16
SambaSamba Version3.0.17
SambaSamba Version3.0.18
SambaSamba Version3.0.19
SambaSamba Version3.0.20
SambaSamba Version3.0.20a
SambaSamba Version3.0.20b
SambaSamba Version3.0.21
SambaSamba Version3.0.21a
SambaSamba Version3.0.21b
SambaSamba Version3.0.21c
SambaSamba Version3.0.22
SambaSamba Version3.0.23
SambaSamba Version3.0.23a
SambaSamba Version3.0.23b
SambaSamba Version3.0.23c
SambaSamba Version3.0.23d
SambaSamba Version3.0.24
SambaSamba Version3.0.25 Updatepre1
SambaSamba Version3.0.25 Updatepre2
SambaSamba Version3.0.25 Updaterc1
SambaSamba Version3.0.25 Updaterc2
SambaSamba Version3.0.25 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 77.81% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://www.vupen.com/english/advisories/2007/3229
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
http://secunia.com/advisories/25255
Vendor Advisory
http://www.trustix.org/errata/2007/0017/
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
http://secunia.com/advisories/25232
Vendor Advisory
http://secunia.com/advisories/25241
Vendor Advisory
http://secunia.com/advisories/25246
Vendor Advisory
http://secunia.com/advisories/25251
Vendor Advisory
http://secunia.com/advisories/25256
Vendor Advisory
http://secunia.com/advisories/25259
Vendor Advisory
http://secunia.com/advisories/25270
Vendor Advisory
http://secunia.com/advisories/25289
http://secunia.com/advisories/25675
http://secunia.com/advisories/25772
http://security.gentoo.org/glsa/glsa-200705-15.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
http://www.debian.org/security/2007/dsa-1291
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
http://www.securityfocus.com/archive/1/468670/100/0/threaded
http://www.ubuntu.com/usn/usn-460-1
http://www.vupen.com/english/advisories/2007/1805
http://www.vupen.com/english/advisories/2007/2210
http://www.vupen.com/english/advisories/2007/2281
https://issues.rpath.com/browse/RPL-1366
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
http://osvdb.org/34699
http://osvdb.org/34731
http://osvdb.org/34733
http://secunia.com/advisories/25257
Vendor Advisory
http://secunia.com/advisories/25391/
http://secunia.com/advisories/25567
http://secunia.com/advisories/28292
http://securityreason.com/securityalert/2702
http://www.kb.cert.org/vuls/id/773720
US Government Resource
http://www.osvdb.org/34732
http://www.redhat.com/support/errata/RHSA-2007-0354.html
Vendor Advisory
http://www.samba.org/samba/security/CVE-2007-2446.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/468542/100/0/threaded
http://www.securityfocus.com/archive/1/468672/100/0/threaded
http://www.securityfocus.com/archive/1/468673/100/0/threaded
http://www.securityfocus.com/archive/1/468674/100/0/threaded
http://www.securityfocus.com/archive/1/468675/100/0/threaded
http://www.securityfocus.com/archive/1/468680/100/0/threaded
http://www.securityfocus.com/bid/23973
http://www.securityfocus.com/bid/24195
http://www.securityfocus.com/bid/24196
http://www.securityfocus.com/bid/24197
http://www.securityfocus.com/bid/24198
http://www.securitytracker.com/id?1018050
http://www.vupen.com/english/advisories/2007/2079
http://www.vupen.com/english/advisories/2008/0050
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/34309
https://exchange.xforce.ibmcloud.com/vulnerabilities/34311
https://exchange.xforce.ibmcloud.com/vulnerabilities/34312
https://exchange.xforce.ibmcloud.com/vulnerabilities/34314
https://exchange.xforce.ibmcloud.com/vulnerabilities/34316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11415