CVE-2007-2446

Published: May 14, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

GLSA-200705-15

vendor-advisory

x_refsource_GENTOO

20070515 ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability

mailing-list

x_refsource_BUGTRAQ

25289

third-party-advisory

x_refsource_SECUNIA

20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

mailing-list

x_refsource_FULLDISC

20070515 ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability

mailing-list

x_refsource_BUGTRAQ

20070515 ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://www.samba.org/samba/security/CVE-2007-2446.html

x_refsource_CONFIRM

samba-lsaiotransnames-bo(34316)

vdb-entry

x_refsource_XF

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

x_refsource_CONFIRM

ADV-2007-2732

vdb-entry

x_refsource_VUPEN

ADV-2007-1805

vdb-entry

x_refsource_VUPEN

ADV-2007-3229

vdb-entry

x_refsource_VUPEN

25772

third-party-advisory

x_refsource_SECUNIA

HPSBUX02218

vendor-advisory

x_refsource_HP

OpenPKG-SA-2007.012

vendor-advisory

x_refsource_OPENPKG

25257

third-party-advisory

x_refsource_SECUNIA

25391

third-party-advisory

x_refsource_SECUNIA

24198

vdb-entry

x_refsource_BID

20070515 ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability

mailing-list

x_refsource_BUGTRAQ

SUSE-SA:2007:031

vendor-advisory

x_refsource_SUSE

25270

third-party-advisory

x_refsource_SECUNIA

20070515 FLEA-2007-0017-1: samba

mailing-list

x_refsource_BUGTRAQ

APPLE-SA-2007-07-31

vendor-advisory

x_refsource_APPLE

samba-secioacl-bo(34314)

vdb-entry

x_refsource_XF

ADV-2007-2281

vdb-entry

x_refsource_VUPEN

http://www.zerodayinitiative.com/advisories/ZDI-07-033.html

x_refsource_MISC

ADV-2007-2210

vdb-entry

x_refsource_VUPEN

HPSBTU02218

vendor-advisory

x_refsource_HP

samba-netdfsiodfsenuminfod-bo(34311)

vdb-entry

x_refsource_XF

2007-0017

vendor-advisory

x_refsource_TRUSTIX

USN-460-1

vendor-advisory

x_refsource_UBUNTU

samba-smbionotifyoptiontypedata-bo(34312)

vdb-entry

x_refsource_XF

2702

third-party-advisory

x_refsource_SREASON

25567

third-party-advisory

x_refsource_SECUNIA

34731

vdb-entry

x_refsource_OSVDB

http://www.zerodayinitiative.com/advisories/ZDI-07-031.html

x_refsource_MISC

34699

vdb-entry

x_refsource_OSVDB

25241

third-party-advisory

x_refsource_SECUNIA

28292

third-party-advisory

x_refsource_SECUNIA

MDKSA-2007:104

vendor-advisory

x_refsource_MANDRIVA

25256

third-party-advisory

x_refsource_SECUNIA

https://issues.rpath.com/browse/RPL-1366

x_refsource_CONFIRM

25259

third-party-advisory

x_refsource_SECUNIA

samba-lsaioprivilegeset-bo(34309)

vdb-entry

x_refsource_XF

SSA:2007-134-01

vendor-advisory

x_refsource_SLACKWARE

34732

vdb-entry

x_refsource_OSVDB

102964

vendor-advisory

x_refsource_SUNALERT

20070513 [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

mailing-list

x_refsource_BUGTRAQ

1018050

vdb-entry

x_refsource_SECTRACK

23973

vdb-entry

x_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-07-030.html

x_refsource_MISC

26909

third-party-advisory

x_refsource_SECUNIA

SSRT071424

vendor-advisory

x_refsource_HP

ADV-2008-0050

vdb-entry

x_refsource_VUPEN

27706

third-party-advisory

x_refsource_SECUNIA

DSA-1291

vendor-advisory

x_refsource_DEBIAN

VU#773720

third-party-advisory

x_refsource_CERT-VN

http://docs.info.apple.com/article.html?artnum=306172

x_refsource_CONFIRM

25232

third-party-advisory

x_refsource_SECUNIA

25251

third-party-advisory

x_refsource_SECUNIA

200588

vendor-advisory

x_refsource_SUNALERT

25246

third-party-advisory

x_refsource_SECUNIA

20070515 ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability

mailing-list

x_refsource_BUGTRAQ

24197

vdb-entry

x_refsource_BID

34733

vdb-entry

x_refsource_OSVDB

oval:org.mitre.oval:def:11415

vdb-entry

signature

x_refsource_OVAL

25159

vdb-entry

x_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-07-032.html

x_refsource_MISC

25255

third-party-advisory

x_refsource_SECUNIA

24196

vdb-entry

x_refsource_BID

RHSA-2007:0354

vendor-advisory

x_refsource_REDHAT

24195

vdb-entry

x_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-07-029.html

x_refsource_MISC

26235

third-party-advisory

x_refsource_SECUNIA

25675

third-party-advisory

x_refsource_SECUNIA

ADV-2007-2079

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-2446

Description

Affected Products

References