CVE-2007-2446
Last modified
CVE-2007-2446 is a vulnerability of currently unknown severity. Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).. EPSS estimates a 77.81% chance of exploitation in the next 30 days.
Description
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Samba | Samba | 3.0.0 | — |
| Samba | Samba | 3.0.1 | — |
| Samba | Samba | 3.0.2 | — |
| Samba | Samba | 3.0.2a | — |
| Samba | Samba | 3.0.10 | — |
| Samba | Samba | 3.0.11 | — |
| Samba | Samba | 3.0.12 | — |
| Samba | Samba | 3.0.13 | — |
| Samba | Samba | 3.0.14 | — |
| Samba | Samba | 3.0.14a | — |
| Samba | Samba | 3.0.15 | — |
| Samba | Samba | 3.0.16 | — |
| Samba | Samba | 3.0.17 | — |
| Samba | Samba | 3.0.18 | — |
| Samba | Samba | 3.0.19 | — |
| Samba | Samba | 3.0.20 | — |
| Samba | Samba | 3.0.20a | — |
| Samba | Samba | 3.0.20b | — |
| Samba | Samba | 3.0.21 | — |
| Samba | Samba | 3.0.21a | — |
| Samba | Samba | 3.0.21b | — |
| Samba | Samba | 3.0.21c | — |
| Samba | Samba | 3.0.22 | — |
| Samba | Samba | 3.0.23 | — |
| Samba | Samba | 3.0.23a | — |
| Samba | Samba | 3.0.23b | — |
| Samba | Samba | 3.0.23c | — |
| Samba | Samba | 3.0.23d | — |
| Samba | Samba | 3.0.24 | — |
| Samba | Samba | 3.0.25 | Pre1 |
References
- http://secunia.com/advisories/25232Vendor Advisory
- http://secunia.com/advisories/25241Vendor Advisory
- http://secunia.com/advisories/25246Vendor Advisory
- http://secunia.com/advisories/25251Vendor Advisory
- http://secunia.com/advisories/25255Vendor Advisory
- http://secunia.com/advisories/25256Vendor Advisory
- http://secunia.com/advisories/25257Vendor Advisory
- http://secunia.com/advisories/25259Vendor Advisory
- http://secunia.com/advisories/25270Vendor Advisory
- http://www.kb.cert.org/vuls/id/773720US Government Resource
- http://www.redhat.com/support/errata/RHSA-2007-0354.htmlVendor Advisory
- http://www.samba.org/samba/security/CVE-2007-2446.htmlPatch, Vendor Advisory
- http://secunia.com/advisories/25232Vendor Advisory
- http://secunia.com/advisories/25241Vendor Advisory
- http://secunia.com/advisories/25246Vendor Advisory
- http://secunia.com/advisories/25251Vendor Advisory
- http://secunia.com/advisories/25255Vendor Advisory
- http://secunia.com/advisories/25256Vendor Advisory
- http://secunia.com/advisories/25257Vendor Advisory
- http://secunia.com/advisories/25259Vendor Advisory
- http://secunia.com/advisories/25270Vendor Advisory
- http://www.kb.cert.org/vuls/id/773720US Government Resource
- http://www.redhat.com/support/errata/RHSA-2007-0354.htmlVendor Advisory
- http://www.samba.org/samba/security/CVE-2007-2446.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-2446?
How severe is CVE-2007-2446?
How do I fix CVE-2007-2446?
Are you affected by CVE-2007-2446?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST