CVE-2007-6015
Published: Dec 13, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
RHSA-2007:1117
vendor-advisory
x_refsource_REDHAT
http://docs.info.apple.com/article.html?artnum=307430
x_refsource_CONFIRM
28891
third-party-advisory
x_refsource_SECUNIA
1019295
vendor-advisory
x_refsource_SUNALERT
30835
third-party-advisory
x_refsource_SECUNIA
29341
third-party-advisory
x_refsource_SECUNIA
HPSBUX02316
vendor-advisory
x_refsource_HP
VU#438395
third-party-advisory
x_refsource_CERT-VN
26791
vdb-entry
x_refsource_BID
238251
vendor-advisory
x_refsource_SUNALERT
SUSE-SA:2007:068
vendor-advisory
x_refsource_SUSE
USN-556-1
vendor-advisory
x_refsource_UBUNTU
ADV-2008-1908
vdb-entry
x_refsource_VUPEN
ADV-2008-0495
vdb-entry
x_refsource_VUPEN
SSRT071495
vendor-advisory
x_refsource_HP
HPSBUX02341
vendor-advisory
x_refsource_HP
27999
third-party-advisory
x_refsource_SECUNIA
20071214 POC for samba send_mailslot()
mailing-list
x_refsource_BUGTRAQ
30484
third-party-advisory
x_refsource_SECUNIA
29032
third-party-advisory
x_refsource_SECUNIA
http://www.samba.org/samba/security/CVE-2007-6015.html
x_refsource_CONFIRM
27993
third-party-advisory
x_refsource_SECUNIA
samba-sendmailslot-bo(38965)
vdb-entry
x_refsource_XF
DSA-1427
vendor-advisory
x_refsource_DEBIAN
20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
mailing-list
x_refsource_BUGTRAQ
MDKSA-2007:244
vendor-advisory
x_refsource_MANDRIVA
SSRT080075
vendor-advisory
x_refsource_HP
http://bugs.gentoo.org/show_bug.cgi?id=200773
x_refsource_CONFIRM
20071210 Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability
mailing-list
x_refsource_BUGTRAQ
1019065
vdb-entry
x_refsource_SECTRACK
27977
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0637
vdb-entry
x_refsource_VUPEN
28029
third-party-advisory
x_refsource_SECUNIA
ADV-2007-4153
vdb-entry
x_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
x_refsource_CONFIRM
28089
third-party-advisory
x_refsource_SECUNIA
28003
third-party-advisory
x_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1976
x_refsource_CONFIRM
TA08-043B
third-party-advisory
x_refsource_CERT
RHSA-2007:1114
vendor-advisory
x_refsource_REDHAT
3438
third-party-advisory
x_refsource_SREASON
SSA:2007-344-01
vendor-advisory
x_refsource_SLACKWARE
FEDORA-2007-4269
vendor-advisory
x_refsource_FEDORA
FEDORA-2007-4275
vendor-advisory
x_refsource_FEDORA
27894
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2008-02-11
vendor-advisory
x_refsource_APPLE
27760
third-party-advisory
x_refsource_SECUNIA
ADV-2008-1712
vdb-entry
x_refsource_VUPEN
http://secunia.com/secunia_research/2007-99/advisory/
x_refsource_MISC
28067
third-party-advisory
x_refsource_SECUNIA
28037
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0859
vdb-entry
x_refsource_VUPEN
20071210 [SECURITY] Buffer overrun in send_mailslot()
mailing-list
x_refsource_BUGTRAQ
20071210 rPSA-2007-0261-1 samba samba-swat
mailing-list
x_refsource_BUGTRAQ
oval:org.mitre.oval:def:11572
vdb-entry
signature
x_refsource_OVAL
28028
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:5605
vdb-entry
signature
x_refsource_OVAL
GLSA-200712-10
vendor-advisory
x_refsource_GENTOO