CVE-2007-2446

Published: 14/05/2007 Updated: 16/10/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 up to and including 3.0.25rc3 allow remote malicious users to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

Vulnerable Product

samba samba 3.0.14

samba samba 3.0.14a

samba samba 3.0.20a

samba samba 3.0.20b

samba samba 3.0.23a

samba samba 3.0.23b

samba samba 3.0.25

samba samba 3.0.0

samba samba 3.0.1

samba samba 3.0.15

samba samba 3.0.16

samba samba 3.0.21

samba samba 3.0.21a

samba samba 3.0.23c

samba samba 3.0.23d

samba samba 3.0.2a

samba samba 3.0.12

samba samba 3.0.13

samba samba 3.0.2

samba samba 3.0.20

samba samba 3.0.22

samba samba 3.0.23

samba samba 3.0.10

samba samba 3.0.11

samba samba 3.0.17

samba samba 3.0.18

samba samba 3.0.19

samba samba 3.0.21b

samba samba 3.0.21c

samba samba 3.0.24

Vendor Advisories

Paul Griffith and Andrew Hogue discovered that Samba did not fully drop root privileges while translating SIDs. A remote authenticated user could issue SMB operations during a small window of opportunity and gain root privileges (CVE-2007-2444) ...
Several issues have been identified in Samba, the SMB/CIFS file- and print-server implementation for GNU/Linux. CVE-2007-2444: When translating SIDs to/from names using Samba local list of user and group accounts, a logic error in the smbd daemon's internal security stack may result in a transition to the root user id rather than the ...

Exploits

## # $Id: lsa_transnames_heap.rb 9021 2010-04-05 23:34:10Z hdm $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' cl ...
## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Ms ...
## # $Id: lsa_transnames_heap.rb 9828 2010-07-14 17:27:23Z hdm $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/core' cl ...

Github Repositories

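In life there is always a repository for keeping trivial things: TFTP_RDDOS: code related to TFTP reflection amplification attacks, originally published on Drops; editor_tools: small scripts for convenient editing on Drops; pktcap: a small tool that sniffs packets using scapy; port_scan: a port-scanning tool using scapy; puzzle2016: code related to the 我云 puzzle 2016 write-ups; cve_2007_2446_pcapng: packet capture of the CVE-2007-2446 msf attack; ble_hackmelock: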

FIWARE Cyber seCurity Attack graPh moniTORing - Server (Computing)

CyberCAPTOR Server: FIWARE Cyber seCurity Attack graPh moniTORing - Server. This project is part of FIWARE. For more information, please consult FIWARE website. CyberCAPTOR is an implementation of the Cyber Security Generic Enabler, the future developments of the Security Monitoring GE.

CyberCAPTOR Server [Cyber seCurity Attack graPh moniTORing - Server]. CyberCAPTOR is an implementation of the Cyber Security Generic Enabler, the future developments of the Security Monitoring GE. NOTE: This repository was adapted to fit the needs of the DOCTOR and 5G-ENSURE projects. Namely, the container now embeds a monolithic version of CyberCAPTOR, with the API server, web

References

CWE-119