Page 11 of 59 results (0.028 seconds)

CVSS: 9.3EPSS: 97%CPEs: 61EXPL: 1

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. Desbordamiento de búfer basado en pila en la función send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opción "inicios de sesión de dominio" está habilitada, permite a atacantes remotos ejecutar código de su elección mediante una petición de ranura de buzón GETDC compuesta de una cadena larga GETDC a la que sigue un nombre de usuario en una petición de inicio de sesión SAMLOGON. • https://www.exploit-db.com/exploits/4732 http://bugs.gentoo.org/show_bug.cgi?id=200773 http://docs.info.apple.com/article.html?artnum=307430 http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000005.html http://marc.info/?l=bugtraq&m=120524782005154&w=2 http://secunia.com/advisories/27760 http://secunia.com/advisories/27894 http://secunia.com/advisories/27977 http://secunia.com/advisories/27993&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 13%CPEs: 48EXPL: 0

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. Desbordamiento de búfer basado en pila en el nmbd del Samba 3.0.0 hasta el 3.0.26a, cuando está configurado como controlador Primario ("Primary ") o Dominio de Seguridad ("Backup Domain"), permite a atacantes remotos tener un impacto desconocido a través de peticiones modificadas GETDC mailslot, relacionada con el manejo de las peticiones de autenticación de servidor GETDC. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120524782005154&w=2 http://secunia.com/advisories/27450 http://secunia.com/advisories/27679 http://secunia.com/advisories/27682 http://secunia.com/advisories/27691 http://secunia.com/advisories/27701 http://secunia.com/advisories/27720 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 95%CPEs: 48EXPL: 0

Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. Desbordamiento de búfer basado en pila en la función reply_netbios_packet en el nmbd/nmbd_packets.c del nmbd en el Samba 3.0.0 hasta el 3.0.26a, cuando opera como un servidor WINS, permite a atacantes remotos ejecutar código de su elección a través de peticiones modificadas del registro de nombres WINS seguidas de una petición de consultas de nombre WINS. • http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120524782005154&w=2 http://secunia.com/advisories/27450 http://secunia.com/advisories/27679 http://secunia.com/advisories/27682 http://secunia.com/advisories/27691 http://secunia.com/advisories/27701 http://secunia.com/advisories/27720 http://secunia.co • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.0EPSS: 69%CPEs: 42EXPL: 24

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management. La funcionalidad MS-RPC en mbd en Samba 3.0.0 hasta la 3.0.25rc3 permite a atacantes remotos ejecutar comandos de su elección a través del intérprete de comandos (shell) de metacaracteres afectando a la (1) función SamrChangePassword, cuando la opción "secuencia de comandos del mapa del nombre de usuario" smb.conf está activada, y permite a usuarios remotos validados ejecutar comandos a través del intérprete de comandos (shell) de metacaracteres afectando a otras funciones MS-RPC en la (2)impresora remota y (3)gestión de ficheros compartidos. • https://www.exploit-db.com/exploits/16320 https://github.com/amriunix/CVE-2007-2447 https://github.com/Ziemni/CVE-2007-2447-in-Python https://github.com/ozuma/CVE-2007-2447 https://github.com/Alien0ne/CVE-2007-2447 https://github.com/N3rdyN3xus/CVE-2007-2447 https://github.com/un4gi/CVE-2007-2447 https://github.com/xbufu/CVE-2007-2447 https://github.com/mr-l0n3lly/CVE-2007-2447 https://github.com/0xKn/CVE-2007-2447 https://github.com/xlcc4096/exploit-C •

CVSS: 10.0EPSS: 96%CPEs: 34EXPL: 4

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). Múltiples desbordamientos de búfer en la región heap de la memoria en el análisis NDR en smbd en Samba versión 3.0.0 hasta 3.0.25rc3 permiten que los atacantes remotos ejecuten código arbitrario por medio de peticiones MS-RPC creadas que involucran (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), o (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_name). This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarLookupSids/LsarLookupSids2, heap allocation is calculated based on user input. • https://www.exploit-db.com/exploits/9950 https://www.exploit-db.com/exploits/16859 https://www.exploit-db.com/exploits/16875 https://www.exploit-db.com/exploits/16329 http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •