[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2007-2446

Date: (C)2007-05-14   (M)2017-10-12
 
CVSS Score: 10.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

Reference:
SECTRACK-1018050
SUNALERT-102964
SUNALERT-200588
2007-0017
http://www.securityfocus.com/archive/1/archive/1/468542/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/468670/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/468674/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/468675/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/468673/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/468672/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/468680/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
BID-23973
BID-24195
BID-24196
BID-24197
BID-24198
BID-25159
SECUNIA-25232
SECUNIA-25241
SECUNIA-25246
SECUNIA-25251
SECUNIA-25255
SECUNIA-25256
SECUNIA-25257
SECUNIA-25259
SECUNIA-25270
SECUNIA-25289
SECUNIA-25391
SECUNIA-25567
SECUNIA-25675
SECUNIA-25772
SECUNIA-26235
SECUNIA-26909
SREASON-2702
SECUNIA-27706
SECUNIA-28292
OSVDB-34699
OSVDB-34731
OSVDB-34732
OSVDB-34733
ADV-2007-1805
ADV-2007-2079
ADV-2007-2210
ADV-2007-2281
ADV-2007-2732
ADV-2007-3229
ADV-2008-0050
APPLE-SA-2007-07-31
DSA-1291
GLSA-200705-15
HPSBTU02218
HPSBUX02218
MDKSA-2007:104
OpenPKG-SA-2007.012
RHSA-2007:0354
SSA:2007-134-01
SSRT071424
SUSE-SA:2007:031
USN-460-1
VU#773720
http://docs.info.apple.com/article.html?artnum=306172
http://www.samba.org/samba/security/CVE-2007-2446.html
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
https://issues.rpath.com/browse/RPL-1366
samba-lsaioprivilegeset-bo(34309)
samba-lsaiotransnames-bo(34316)
samba-netdfsiodfsenuminfod-bo(34311)
samba-secioacl-bo(34314)
samba-smbionotifyoptiontypedata-bo(34312)

CPE    34
cpe:/a:samba:samba:3.0.2a
cpe:/a:samba:samba:3.0.21a
cpe:/a:samba:samba:3.0.23c
cpe:/a:samba:samba:3.0.23b
...
CWE    1
CWE-119

© 2013 SecPod Technologies