Page 13 of 62 results (0.021 seconds)

CVSS: 7.2EPSS: 13%CPEs: 8EXPL: 0

CVE-2007-2444

https://notcve.org/view.php?id=CVE-2007-2444

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. Error lógico en la funcionalidad de traducción SID/Name en smbd en Samba 3.0.23d hasta 3.0.25pre2 permite a usuarios locales ganar privilegios de forma temporal y ejecutar operaciones del protocolo SMB/CIFS a través de vectores no especificados que provocan que el demonio transite al usuario root. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html http://osvdb.org/34698 http://secunia.com/advisories/25232 http://secunia.com/advisories/25241 http://secunia.com/advisories/25246 http://secunia.com/advisories/25251 http://secunia.com/advisories/25255 http://secunia.com/advisories/25256 http://secunia.com/advisories/25259 http://secunia.com/advisories/25270 http • CWE-269: Improper Privilege Management •

CVSS: 10.0EPSS: 96%CPEs: 34EXPL: 4

CVE-2007-2446 – Samba lsa_io_trans_names Heap Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2007-2446

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names). Múltiples desbordamientos de búfer en la región heap de la memoria en el análisis NDR en smbd en Samba versión 3.0.0 hasta 3.0.25rc3 permiten que los atacantes remotos ejecuten código arbitrario por medio de peticiones MS-RPC creadas que involucran (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), o (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_name). This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarLookupSids/LsarLookupSids2, heap allocation is calculated based on user input. • https://www.exploit-db.com/exploits/9950 https://www.exploit-db.com/exploits/16859 https://www.exploit-db.com/exploits/16875 https://www.exploit-db.com/exploits/16329 http://docs.info.apple.com/article.html?artnum=306172 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •