FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-6015

This CVE name corresponds to:

Entered Topic
2007-12-12 samba -- buffer overflow vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2007-6015
Phase Assigned(20071119)

Description

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

References

Source Reference
BUGTRAQ 20071210 Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability
BUGTRAQ 20071210 [SECURITY] Buffer overrun in send_mailslot()
BUGTRAQ 20071210 rPSA-2007-0261-1 samba samba-swat
BUGTRAQ 20071214 POC for samba send_mailslot()
BUGTRAQ 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
MLIST [Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
MISC http://secunia.com/secunia_research/2007-99/advisory/
CONFIRM http://www.samba.org/samba/security/CVE-2007-6015.html
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=200773
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
CONFIRM https://issues.rpath.com/browse/RPL-1976
CONFIRM http://docs.info.apple.com/article.html?artnum=307430
APPLE APPLE-SA-2008-02-11
DEBIAN DSA-1427
FEDORA FEDORA-2007-4269
FEDORA FEDORA-2007-4275
GENTOO GLSA-200712-10
HP HPSBUX02316
HP SSRT071495
HP HPSBUX02341
HP SSRT080075
MANDRIVA MDKSA-2007:244
REDHAT RHSA-2007:1114
REDHAT RHSA-2007:1117
SLACKWARE SSA:2007-344-01
SUNALERT 238251
SUNALERT 1019295
SUSE SUSE-SA:2007:068
UBUNTU USN-556-1
CERT TA08-043B
CERT-VN VU#438395
BID 26791
OVAL oval:org.mitre.oval:def:5605
OVAL oval:org.mitre.oval:def:11572
VUPEN ADV-2007-4153
VUPEN ADV-2008-0495
VUPEN ADV-2008-0637
VUPEN ADV-2008-0859
VUPEN ADV-2008-1712
VUPEN ADV-2008-1908
SECTRACK 1019065
SECUNIA 27760
SECUNIA 27894
SECUNIA 27977
SECUNIA 27993
SECUNIA 27999
SECUNIA 28003
SECUNIA 28028
SECUNIA 28029
SECUNIA 28067
SECUNIA 28089
SECUNIA 28037
SECUNIA 28891
SECUNIA 29032
SECUNIA 29341
SECUNIA 30484
SECUNIA 30835
SREASON 3438
XF samba-sendmailslot-bo(38965)