CVE-2007-0454
 
Severity Score: 7.5 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
*Credits:
N/A
Timeline
- 2007-01-23 CVE Reserved
- 2007-02-06 CVE Published
- 2023-12-10 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-134: Use of Externally-Controlled Format String
References (24)
URL | Tag | Source |
---|---|---|
http://osvdb.org/33101 | Vdb Entry | |
http://securitytracker.com/id?1017588 | Vdb Entry | |
http://us1.samba.org/samba/security/CVE-2007-0454.html | X_refsource_confirm | |
http://www.kb.cert.org/vuls/id/649732 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/459179/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/459365/100/0/threaded | Mailing List | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32304 | Vdb Entry | |
https://issues.rpath.com/browse/RPL-1005 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
http://www.securityfocus.com/bid/22403 | 2018-10-16 |
http://secunia.com/advisories/24021 | 2018-10-16 | |
http://secunia.com/advisories/24046 | 2018-10-16 | |
http://secunia.com/advisories/24060 | 2018-10-16 | |
http://secunia.com/advisories/24067 | 2018-10-16 | |
http://secunia.com/advisories/24101 | 2018-10-16 | |
http://secunia.com/advisories/24145 | 2018-10-16 | |
http://secunia.com/advisories/24151 | 2018-10-16 | |
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 | 2018-10-16 | |
http://www.debian.org/security/2007/dsa-1257 | 2018-10-16 | |
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml | 2018-10-16 | |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 | 2018-10-16 | |
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html | 2018-10-16 | |
http://www.trustix.org/errata/2007/0007 | 2018-10-16 | |
http://www.ubuntu.com/usn/usn-419-1 | 2018-10-16 | |
http://www.vupen.com/english/advisories/2007/0483 | 2018-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Samba | Samba | 3.0.6 | - | Affected |
Samba | Samba | 3.0.7 | - | Affected |
Samba | Samba | 3.0.8 | - | Affected |
Samba | Samba | 3.0.9 | - | Affected |
Samba | Samba | 3.0.10 | - | Affected |
Samba | Samba | 3.0.11 | - | Affected |
Samba | Samba | 3.0.12 | - | Affected |
Samba | Samba | 3.0.13 | - | Affected |
Samba | Samba | 3.0.14 | - | Affected |
Samba | Samba | 3.0.14a | - | Affected |
Samba | Samba | 3.0.20 | - | Affected |
Samba | Samba | 3.0.20a | - | Affected |
Samba | Samba | 3.0.20b | - | Affected |
Samba | Samba | 3.0.21 | - | Affected |
Samba | Samba | 3.0.21a | - | Affected |
Samba | Samba | 3.0.21b | - | Affected |
Samba | Samba | 3.0.21c | - | Affected |
Samba | Samba | 3.0.22 | - | Affected |
Samba | Samba | 3.0.23d | - | Affected |
Debian | Debian Linux | 3.0 | - | Affected |
Debian | Debian Linux | 3.0 | alpha | Affected |
Debian | Debian Linux | 3.0 | arm | Affected |
Debian | Debian Linux | 3.0 | hppa | Affected |
Debian | Debian Linux | 3.0 | ia-32 | Affected |
Debian | Debian Linux | 3.0 | ia-64 | Affected |
Debian | Debian Linux | 3.0 | m68k | Affected |
Debian | Debian Linux | 3.0 | mips | Affected |
Debian | Debian Linux | 3.0 | mipsel | Affected |
Debian | Debian Linux | 3.0 | ppc | Affected |
Debian | Debian Linux | 3.0 | s-390 | Affected |
Debian | Debian Linux | 3.0 | sparc | Affected |
Debian | Debian Linux | 3.1 | - | Affected |
Debian | Debian Linux | 3.1 | alpha | Affected |
Debian | Debian Linux | 3.1 | amd64 | Affected |
Debian | Debian Linux | 3.1 | arm | Affected |
Debian | Debian Linux | 3.1 | hppa | Affected |
Debian | Debian Linux | 3.1 | ia-32 | Affected |
Debian | Debian Linux | 3.1 | ia-64 | Affected |
Debian | Debian Linux | 3.1 | m68k | Affected |
Debian | Debian Linux | 3.1 | mips | Affected |
Debian | Debian Linux | 3.1 | mipsel | Affected |
Debian | Debian Linux | 3.1 | ppc | Affected |
Debian | Debian Linux | 3.1 | s-390 | Affected |
Debian | Debian Linux | 3.1 | sparc | Affected |
Mandrakesoft | Mandrake Linux | 2006 | - | Affected |
Mandrakesoft | Mandrake Linux | 2006 | x86_64 | Affected |
Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | - | Affected |
Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | x86_64 | Affected |
Mandrakesoft | Mandrake Linux Corporate Server | 4.0 | - | Affected |
Mandrakesoft | Mandrake Linux Corporate Server | 4.0 | x86_64 | Affected |
Mandrakesoft | Mandrake Linuxsoft 2007 | * | - | Affected |
Mandrakesoft | Mandrake Linuxsoft 2007 | * | x86_64 | Affected |