FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-0454

This CVE name corresponds to:

Entered: 2007-03-16
Topic: samba -- format string bug in afsacl.so VFS plugin

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-0454
Phase: Assigned (20070123)

Description

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

References

Source Reference
BUGTRAQ 20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin
BUGTRAQ 20070207 rPSA-2007-0026-1 samba samba-swat
CONFIRM http://us1.samba.org/samba/security/CVE-2007-0454.html
CONFIRM https://issues.rpath.com/browse/RPL-1005
DEBIAN DSA-1257
GENTOO GLSA-200702-01
MANDRIVA MDKSA-2007:034
OPENPKG OpenPKG-SA-2007.012
SLACKWARE SSA:2007-038-01
TRUSTIX 2007-0007
UBUNTU USN-419-1
CERT-VN VU#649732
BID 22403
VUPEN ADV-2007-0483
OSVDB 33101
SECTRACK 1017588
SECUNIA 24021
SECUNIA 24060
SECUNIA 24067
SECUNIA 24101
SECUNIA 24046
SECUNIA 24151
SECUNIA 24145
XF samba-afsacl-format-string(32304)