// For flags

CVE-2007-6015

Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Desbordamiento de búfer basado en pila en la función send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opción "inicios de sesión de dominio" está habilitada, permite a atacantes remotos ejecutar código de su elección mediante una petición de ranura de buzón GETDC compuesta de una cadena larga GETDC a la que sigue un nombre de usuario en una petición de inicio de sesión SAMLOGON.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-11-19 CVE Reserved
  • 2007-12-10 CVE Published
  • 2007-12-14 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-10-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (60)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=200773 X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307430 X_refsource_confirm
http://lists.vmware.com/pipermail/security-announce/2008/000005.html Mailing List
http://secunia.com/advisories/27894 Third Party Advisory
http://secunia.com/advisories/27977 Third Party Advisory
http://secunia.com/advisories/27993 Third Party Advisory
http://secunia.com/advisories/27999 Third Party Advisory
http://secunia.com/advisories/28003 Third Party Advisory
http://secunia.com/advisories/28028 Third Party Advisory
http://secunia.com/advisories/28029 Third Party Advisory
http://secunia.com/advisories/28037 Third Party Advisory
http://secunia.com/advisories/28067 Third Party Advisory
http://secunia.com/advisories/28089 Third Party Advisory
http://secunia.com/advisories/28891 Third Party Advisory
http://secunia.com/advisories/29032 Third Party Advisory
http://secunia.com/advisories/29341 Third Party Advisory
http://secunia.com/advisories/30484 Third Party Advisory
http://secunia.com/advisories/30835 Third Party Advisory
http://securityreason.com/securityalert/3438 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm X_refsource_confirm
http://www.kb.cert.org/vuls/id/438395 Third Party Advisory
http://www.securityfocus.com/archive/1/484818/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/484825/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/484827/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/485144/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/488457/100/0/threaded Mailing List
http://www.securityfocus.com/bid/26791 Vdb Entry
http://www.securitytracker.com/id?1019065 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-043B.html Third Party Advisory
http://www.vupen.com/english/advisories/2007/4153 Vdb Entry
http://www.vupen.com/english/advisories/2008/0495/references Vdb Entry
http://www.vupen.com/english/advisories/2008/0637 Vdb Entry
http://www.vupen.com/english/advisories/2008/0859/references Vdb Entry
http://www.vupen.com/english/advisories/2008/1712/references Vdb Entry
http://www.vupen.com/english/advisories/2008/1908 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38965 Vdb Entry
https://issues.rpath.com/browse/RPL-1976 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605 Signature
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.1
Search vendor "Samba" for product "Samba" and version "2.0.1"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.2
Search vendor "Samba" for product "Samba" and version "2.0.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.3
Search vendor "Samba" for product "Samba" and version "2.0.3"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.4
Search vendor "Samba" for product "Samba" and version "2.0.4"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.5
Search vendor "Samba" for product "Samba" and version "2.0.5"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.6
Search vendor "Samba" for product "Samba" and version "2.0.6"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.7
Search vendor "Samba" for product "Samba" and version "2.0.7"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.8
Search vendor "Samba" for product "Samba" and version "2.0.8"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.9
Search vendor "Samba" for product "Samba" and version "2.0.9"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.0.10
Search vendor "Samba" for product "Samba" and version "2.0.10"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.0
Search vendor "Samba" for product "Samba" and version "2.2.0"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.0a
Search vendor "Samba" for product "Samba" and version "2.2.0a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.1a
Search vendor "Samba" for product "Samba" and version "2.2.1a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.2
Search vendor "Samba" for product "Samba" and version "2.2.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.3
Search vendor "Samba" for product "Samba" and version "2.2.3"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.3a
Search vendor "Samba" for product "Samba" and version "2.2.3a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.4
Search vendor "Samba" for product "Samba" and version "2.2.4"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.5
Search vendor "Samba" for product "Samba" and version "2.2.5"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.6
Search vendor "Samba" for product "Samba" and version "2.2.6"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.7
Search vendor "Samba" for product "Samba" and version "2.2.7"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.7a
Search vendor "Samba" for product "Samba" and version "2.2.7a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.8
Search vendor "Samba" for product "Samba" and version "2.2.8"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.8a
Search vendor "Samba" for product "Samba" and version "2.2.8a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.9
Search vendor "Samba" for product "Samba" and version "2.2.9"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.11
Search vendor "Samba" for product "Samba" and version "2.2.11"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
2.2.12
Search vendor "Samba" for product "Samba" and version "2.2.12"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.0
Search vendor "Samba" for product "Samba" and version "3.0.0"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.1
Search vendor "Samba" for product "Samba" and version "3.0.1"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.2
Search vendor "Samba" for product "Samba" and version "3.0.2"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.2a
Search vendor "Samba" for product "Samba" and version "3.0.2a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.10
Search vendor "Samba" for product "Samba" and version "3.0.10"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.11
Search vendor "Samba" for product "Samba" and version "3.0.11"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.12
Search vendor "Samba" for product "Samba" and version "3.0.12"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.13
Search vendor "Samba" for product "Samba" and version "3.0.13"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.14
Search vendor "Samba" for product "Samba" and version "3.0.14"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.14a
Search vendor "Samba" for product "Samba" and version "3.0.14a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.20
Search vendor "Samba" for product "Samba" and version "3.0.20"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.20a
Search vendor "Samba" for product "Samba" and version "3.0.20a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.20b
Search vendor "Samba" for product "Samba" and version "3.0.20b"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.21
Search vendor "Samba" for product "Samba" and version "3.0.21"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.21a
Search vendor "Samba" for product "Samba" and version "3.0.21a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.21b
Search vendor "Samba" for product "Samba" and version "3.0.21b"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.21c
Search vendor "Samba" for product "Samba" and version "3.0.21c"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.22
Search vendor "Samba" for product "Samba" and version "3.0.22"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.23a
Search vendor "Samba" for product "Samba" and version "3.0.23a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.23b
Search vendor "Samba" for product "Samba" and version "3.0.23b"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.23c
Search vendor "Samba" for product "Samba" and version "3.0.23c"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.23d
Search vendor "Samba" for product "Samba" and version "3.0.23d"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.24
Search vendor "Samba" for product "Samba" and version "3.0.24"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
pre1
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
pre2
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
rc1
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
rc2
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25
Search vendor "Samba" for product "Samba" and version "3.0.25"
rc3
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25a
Search vendor "Samba" for product "Samba" and version "3.0.25a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25b
Search vendor "Samba" for product "Samba" and version "3.0.25b"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.25c
Search vendor "Samba" for product "Samba" and version "3.0.25c"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.26
Search vendor "Samba" for product "Samba" and version "3.0.26"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.26a
Search vendor "Samba" for product "Samba" and version "3.0.26a"
-
Affected
Samba
Search vendor "Samba"
Samba
Search vendor "Samba" for product "Samba"
3.0.27
Search vendor "Samba" for product "Samba" and version "3.0.27"
-
Affected