9.3
CVE-2007-6015
- EPSS 27.48%
- Veröffentlicht 13.12.2007 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:47:15
- Quelle PSIRT-CNA@flexerasoftware.com
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 27.48% | 0.978 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://docs.info.apple.com/article.html?artnum=307430
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
http://secunia.com/advisories/29032
http://www.securityfocus.com/archive/1/488457/100/0/threaded
http://www.vupen.com/english/advisories/2008/0637
http://secunia.com/advisories/28891
http://www.vupen.com/english/advisories/2008/0495/references
http://marc.info/?l=bugtraq&m=120524782005154&w=2
http://secunia.com/advisories/29341
http://secunia.com/advisories/30484
http://secunia.com/advisories/30835
http://www.vupen.com/english/advisories/2008/0859/references
http://www.vupen.com/english/advisories/2008/1712/references
http://www.vupen.com/english/advisories/2008/1908
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
http://bugs.gentoo.org/show_bug.cgi?id=200773
http://secunia.com/advisories/27760
http://secunia.com/advisories/27894
http://secunia.com/advisories/27977
http://secunia.com/advisories/27993
http://secunia.com/advisories/27999
http://secunia.com/advisories/28003
http://secunia.com/advisories/28028
http://secunia.com/advisories/28029
http://secunia.com/advisories/28037
http://secunia.com/advisories/28067
http://secunia.com/advisories/28089
http://secunia.com/secunia_research/2007-99/advisory/
http://security.gentoo.org/glsa/glsa-200712-10.xml
http://securityreason.com/securityalert/3438
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1
http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
http://www.debian.org/security/2007/dsa-1427
http://www.kb.cert.org/vuls/id/438395
http://www.mandriva.com/security/advisories?name=MDKSA-2007:244
http://www.novell.com/linux/security/advisories/2007_68_samba.html
http://www.redhat.com/support/errata/RHSA-2007-1114.html
http://www.redhat.com/support/errata/RHSA-2007-1117.html
http://www.samba.org/samba/security/CVE-2007-6015.html
http://www.securityfocus.com/archive/1/484818/100/0/threaded
http://www.securityfocus.com/archive/1/484825/100/0/threaded
http://www.securityfocus.com/archive/1/484827/100/0/threaded
http://www.securityfocus.com/archive/1/485144/100/0/threaded
http://www.securityfocus.com/bid/26791
http://www.securitytracker.com/id?1019065
http://www.ubuntu.com/usn/usn-556-1
http://www.vupen.com/english/advisories/2007/4153
https://exchange.xforce.ibmcloud.com/vulnerabilities/38965
https://issues.rpath.com/browse/RPL-1976
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html