// For flags

CVE-2007-4572

samba buffer overflow

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

Desbordamiento de búfer basado en pila en el nmbd del Samba 3.0.0 hasta el 3.0.26a, cuando está configurado como controlador Primario ("Primary ") o Dominio de Seguridad ("Backup Domain"), permite a atacantes remotos tener un impacto desconocido a través de peticiones modificadas GETDC mailslot, relacionada con el manejo de las peticiones de autenticación de servidor GETDC.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-08-28 CVE Reserved
  • 2007-11-15 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-10-27 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (52)
URL Tag Source
http://docs.info.apple.com/article.html?artnum=307179 X_refsource_confirm
http://lists.vmware.com/pipermail/security-announce/2008/000002.html Mailing List
http://secunia.com/advisories/29341 Third Party Advisory
http://secunia.com/advisories/30484 Third Party Advisory
http://secunia.com/advisories/30736 Third Party Advisory
http://secunia.com/advisories/30835 Third Party Advisory
http://securitytracker.com/id?1018954 Vdb Entry
http://www.securityfocus.com/archive/1/485936/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/486859/100/0/threaded Mailing List
http://www.securityfocus.com/bid/26454 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA07-352A.html Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2008-0001.html X_refsource_confirm
http://www.vupen.com/english/advisories/2007/3869 Vdb Entry
http://www.vupen.com/english/advisories/2007/4238 Vdb Entry
http://www.vupen.com/english/advisories/2008/0064 Vdb Entry
http://www.vupen.com/english/advisories/2008/0859/references Vdb Entry
http://www.vupen.com/english/advisories/2008/1712/references Vdb Entry
http://www.vupen.com/english/advisories/2008/1908 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38501 Vdb Entry
https://issues.rpath.com/browse/RPL-1894 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11132 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5643 Signature
URL Date SRC
URL Date SRC
http://secunia.com/advisories/27450 2018-10-30
http://us1.samba.org/samba/security/CVE-2007-4572.html 2018-10-30
URL Date SRC
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html 2018-10-30
http://marc.info/?l=bugtraq&m=120524782005154&w=2 2018-10-30
http://secunia.com/advisories/27679 2018-10-30
http://secunia.com/advisories/27682 2018-10-30
http://secunia.com/advisories/27691 2018-10-30
http://secunia.com/advisories/27701 2018-10-30
http://secunia.com/advisories/27720 2018-10-30
http://secunia.com/advisories/27731 2018-10-30
http://secunia.com/advisories/27787 2018-10-30
http://secunia.com/advisories/27927 2018-10-30
http://secunia.com/advisories/28136 2018-10-30
http://secunia.com/advisories/28368 2018-10-30
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739 2018-10-30
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1 2018-10-30
http://www.debian.org/security/2007/dsa-1409 2018-10-30
http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml 2018-10-30
http://www.mandriva.com/security/advisories?name=MDKSA-2007:224 2018-10-30
http://www.novell.com/linux/security/advisories/2007_65_samba.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-1013.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-1016.html 2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-1017.html 2018-10-30
http://www.ubuntu.com/usn/usn-544-2 2018-10-30
http://www.ubuntu.com/usn/usn-617-1 2018-10-30
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657 2018-10-30
https://usn.ubuntu.com/544-1 2018-10-30
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html 2018-10-30
https://access.redhat.com/security/cve/CVE-2007-4572 2007-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=294631 2007-11-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.0
Search vendor "Samba" for product "Samba" and version "3.0.0"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.1
Search vendor "Samba" for product "Samba" and version "3.0.1"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.2
Search vendor "Samba" for product "Samba" and version "3.0.2"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.2a
Search vendor "Samba" for product "Samba" and version "3.0.2a"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.3
Search vendor "Samba" for product "Samba" and version "3.0.3"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.4
Search vendor "Samba" for product "Samba" and version "3.0.4"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.4
Search vendor "Samba" for product "Samba" and version "3.0.4"
rc1
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.5
Search vendor "Samba" for product "Samba" and version "3.0.5"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.6
Search vendor "Samba" for product "Samba" and version "3.0.6"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.7
Search vendor "Samba" for product "Samba" and version "3.0.7"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.8
Search vendor "Samba" for product "Samba" and version "3.0.8"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.9
Search vendor "Samba" for product "Samba" and version "3.0.9"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.10
Search vendor "Samba" for product "Samba" and version "3.0.10"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.11
Search vendor "Samba" for product "Samba" and version "3.0.11"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.12
Search vendor "Samba" for product "Samba" and version "3.0.12"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.13
Search vendor "Samba" for product "Samba" and version "3.0.13"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.14
Search vendor "Samba" for product "Samba" and version "3.0.14"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.14a
Search vendor "Samba" for product "Samba" and version "3.0.14a"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.15
Search vendor "Samba" for product "Samba" and version "3.0.15"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.16
Search vendor "Samba" for product "Samba" and version "3.0.16"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.17
Search vendor "Samba" for product "Samba" and version "3.0.17"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.18
Search vendor "Samba" for product "Samba" and version "3.0.18"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.19
Search vendor "Samba" for product "Samba" and version "3.0.19"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.20
Search vendor "Samba" for product "Samba" and version "3.0.20"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.20a
Search vendor "Samba" for product "Samba" and version "3.0.20a"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.20b
Search vendor "Samba" for product "Samba" and version "3.0.20b"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.21
Search vendor "Samba" for product "Samba" and version "3.0.21"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.21a
Search vendor "Samba" for product "Samba" and version "3.0.21a"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.21b
Search vendor "Samba" for product "Samba" and version "3.0.21b"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.21c
Search vendor "Samba" for product "Samba" and version "3.0.21c"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.22
Search vendor "Samba" for product "Samba" and version "3.0.22"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.23
Search vendor "Samba" for product "Samba" and version "3.0.23"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.23a
Search vendor "Samba" for product "Samba" and version "3.0.23a"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.23b
Search vendor "Samba" for product "Samba" and version "3.0.23b"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.23c
Search vendor "Samba" for product "Samba" and version "3.0.23c"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.23d
Search vendor "Samba" for product "Samba" and version "3.0.23d"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.24
Search vendor "Samba" for product "Samba" and version "3.0.24"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
pre1
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
pre2
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
rc1
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
rc2
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
rc3
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25a
Search vendor "Samba" for product "Samba" and version "3.0.25a"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25b
Search vendor "Samba" for product "Samba" and version "3.0.25b"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.25c
Search vendor "Samba" for product "Samba" and version "3.0.25c"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.26
Search vendor "Samba" for product "Samba" and version "3.0.26"
-
Affected
Samba
Search vendor "Samba"
 Samba
Search vendor "Samba" for product "Samba"
 3.0.26a
Search vendor "Samba" for product "Samba" and version "3.0.26a"
-
Affected