FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-2446

This CVE name corresponds to:

Entered Topic
2007-05-16 samba -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-2446 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-2446
Phase Assigned(20070502)

Description

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

References

Source Reference
BUGTRAQ 20070513 [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution
BUGTRAQ 20070515 FLEA-2007-0017-1: samba
BUGTRAQ 20070515 ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability
BUGTRAQ 20070515 ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability
BUGTRAQ 20070515 ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability
BUGTRAQ 20070515 ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability
BUGTRAQ 20070515 ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability
FULLDISC 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
MISC http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
MISC http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
MISC http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
MISC http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
MISC http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
CONFIRM http://www.samba.org/samba/security/CVE-2007-2446.html
CONFIRM https://issues.rpath.com/browse/RPL-1366
CONFIRM http://docs.info.apple.com/article.html?artnum=306172
CONFIRM http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
APPLE APPLE-SA-2007-07-31
DEBIAN DSA-1291
GENTOO GLSA-200705-15
HP HPSBUX02218
HP SSRT071424
HP HPSBTU02218
MANDRIVA MDKSA-2007:104
OPENPKG OpenPKG-SA-2007.012
REDHAT RHSA-2007:0354
SLACKWARE SSA:2007-134-01
SUNALERT 102964
SUNALERT 200588
SUSE SUSE-SA:2007:031
TRUSTIX 2007-0017
UBUNTU USN-460-1
CERT-VN VU#773720
BID 23973
BID 24195
BID 24196
BID 24198
BID 24197
BID 25159
OSVDB 34699
OSVDB 34731
OSVDB 34733
OVAL oval:org.mitre.oval:def:11415
SECUNIA 25391
VUPEN ADV-2007-1805
VUPEN ADV-2007-2079
VUPEN ADV-2007-2210
VUPEN ADV-2007-2281
VUPEN ADV-2007-2732
VUPEN ADV-2007-3229
VUPEN ADV-2008-0050
OSVDB 34732
SECTRACK 1018050
SECUNIA 25241
SECUNIA 25246
SECUNIA 25256
SECUNIA 25257
SECUNIA 25232
SECUNIA 25251
SECUNIA 25270
SECUNIA 25259
SECUNIA 25255
SECUNIA 25289
SECUNIA 25567
SECUNIA 25675
SECUNIA 25772
SECUNIA 26235
SECUNIA 26909
SECUNIA 27706
SECUNIA 28292
SREASON 2702
XF samba-lsaioprivilegeset-bo(34309)
XF samba-lsaiotransnames-bo(34316)
XF samba-netdfsiodfsenuminfod-bo(34311)
XF samba-secioacl-bo(34314)
XF samba-smbionotifyoptiontypedata-bo(34312)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.