CVE-2007-6015

Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Desbordamiento de búfer basado en pila en la función send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opción "inicios de sesión de dominio" está habilitada, permite a atacantes remotos ejecutar código de su elección mediante una petición de ranura de buzón GETDC compuesta de una cadena larga GETDC a la que sigue un nombre de usuario en una petición de inicio de sesión SAMLOGON.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-11-19 CVE Reserved
2007-12-10 CVE Published
2007-12-14 First Exploit
2024-08-07 CVE Updated
2024-10-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (60)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=200773	X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307430	X_refsource_confirm
http://lists.vmware.com/pipermail/security-announce/2008/000005.html	Mailing List
http://secunia.com/advisories/27894	Third Party Advisory
http://secunia.com/advisories/27977	Third Party Advisory
http://secunia.com/advisories/27993	Third Party Advisory
http://secunia.com/advisories/27999	Third Party Advisory
http://secunia.com/advisories/28003	Third Party Advisory
http://secunia.com/advisories/28028	Third Party Advisory
http://secunia.com/advisories/28029	Third Party Advisory
http://secunia.com/advisories/28037	Third Party Advisory
http://secunia.com/advisories/28067	Third Party Advisory
http://secunia.com/advisories/28089	Third Party Advisory
http://secunia.com/advisories/28891	Third Party Advisory
http://secunia.com/advisories/29032	Third Party Advisory
http://secunia.com/advisories/29341	Third Party Advisory
http://secunia.com/advisories/30484	Third Party Advisory
http://secunia.com/advisories/30835	Third Party Advisory
http://securityreason.com/securityalert/3438	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm	X_refsource_confirm
http://www.kb.cert.org/vuls/id/438395	Third Party Advisory
http://www.securityfocus.com/archive/1/484818/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/484825/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/484827/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/485144/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/488457/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/26791	Vdb Entry
http://www.securitytracker.com/id?1019065	Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-043B.html	Third Party Advisory
http://www.vupen.com/english/advisories/2007/4153	Vdb Entry
http://www.vupen.com/english/advisories/2008/0495/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/0637	Vdb Entry
http://www.vupen.com/english/advisories/2008/0859/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/1712/references	Vdb Entry
http://www.vupen.com/english/advisories/2008/1908	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/38965	Vdb Entry
https://issues.rpath.com/browse/RPL-1976	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/4732	2007-12-14

URL	Date	SRC
http://www.redhat.com/support/errata/RHSA-2007-1114.html	2018-10-30
http://www.samba.org/samba/security/CVE-2007-6015.html	2018-10-30

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html	2018-10-30
http://marc.info/?l=bugtraq&m=120524782005154&w=2	2018-10-30
http://secunia.com/advisories/27760	2018-10-30
http://secunia.com/secunia_research/2007-99/advisory	2018-10-30
http://security.gentoo.org/glsa/glsa-200712-10.xml	2018-10-30
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554	2018-10-30
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1	2018-10-30
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1	2018-10-30
http://www.debian.org/security/2007/dsa-1427	2018-10-30
http://www.mandriva.com/security/advisories?name=MDKSA-2007:244	2018-10-30
http://www.novell.com/linux/security/advisories/2007_68_samba.html	2018-10-30
http://www.redhat.com/support/errata/RHSA-2007-1117.html	2018-10-30
http://www.ubuntu.com/usn/usn-556-1	2018-10-30
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657	2018-10-30
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html	2018-10-30
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html	2018-10-30
https://access.redhat.com/security/cve/CVE-2007-6015	2007-12-10
https://bugzilla.redhat.com/show_bug.cgi?id=396401	2007-12-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.1 Search vendor "Samba" for product "Samba" and version "2.0.1"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.2 Search vendor "Samba" for product "Samba" and version "2.0.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.3 Search vendor "Samba" for product "Samba" and version "2.0.3"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.4 Search vendor "Samba" for product "Samba" and version "2.0.4"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.5 Search vendor "Samba" for product "Samba" and version "2.0.5"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.6 Search vendor "Samba" for product "Samba" and version "2.0.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.7 Search vendor "Samba" for product "Samba" and version "2.0.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.8 Search vendor "Samba" for product "Samba" and version "2.0.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.9 Search vendor "Samba" for product "Samba" and version "2.0.9"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.0.10 Search vendor "Samba" for product "Samba" and version "2.0.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.0 Search vendor "Samba" for product "Samba" and version "2.2.0"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.0a Search vendor "Samba" for product "Samba" and version "2.2.0a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.1a Search vendor "Samba" for product "Samba" and version "2.2.1a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.2 Search vendor "Samba" for product "Samba" and version "2.2.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.3 Search vendor "Samba" for product "Samba" and version "2.2.3"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.3a Search vendor "Samba" for product "Samba" and version "2.2.3a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.4 Search vendor "Samba" for product "Samba" and version "2.2.4"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.5 Search vendor "Samba" for product "Samba" and version "2.2.5"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.6 Search vendor "Samba" for product "Samba" and version "2.2.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.7 Search vendor "Samba" for product "Samba" and version "2.2.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.7a Search vendor "Samba" for product "Samba" and version "2.2.7a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.8 Search vendor "Samba" for product "Samba" and version "2.2.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.8a Search vendor "Samba" for product "Samba" and version "2.2.8a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.9 Search vendor "Samba" for product "Samba" and version "2.2.9"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.11 Search vendor "Samba" for product "Samba" and version "2.2.11"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				2.2.12 Search vendor "Samba" for product "Samba" and version "2.2.12"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.0 Search vendor "Samba" for product "Samba" and version "3.0.0"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.1 Search vendor "Samba" for product "Samba" and version "3.0.1"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.2 Search vendor "Samba" for product "Samba" and version "3.0.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.2a Search vendor "Samba" for product "Samba" and version "3.0.2a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.10 Search vendor "Samba" for product "Samba" and version "3.0.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.11 Search vendor "Samba" for product "Samba" and version "3.0.11"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.12 Search vendor "Samba" for product "Samba" and version "3.0.12"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.13 Search vendor "Samba" for product "Samba" and version "3.0.13"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.14 Search vendor "Samba" for product "Samba" and version "3.0.14"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.14a Search vendor "Samba" for product "Samba" and version "3.0.14a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20 Search vendor "Samba" for product "Samba" and version "3.0.20"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20a Search vendor "Samba" for product "Samba" and version "3.0.20a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20b Search vendor "Samba" for product "Samba" and version "3.0.20b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21 Search vendor "Samba" for product "Samba" and version "3.0.21"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21a Search vendor "Samba" for product "Samba" and version "3.0.21a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21b Search vendor "Samba" for product "Samba" and version "3.0.21b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21c Search vendor "Samba" for product "Samba" and version "3.0.21c"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.22 Search vendor "Samba" for product "Samba" and version "3.0.22"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23a Search vendor "Samba" for product "Samba" and version "3.0.23a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23b Search vendor "Samba" for product "Samba" and version "3.0.23b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23c Search vendor "Samba" for product "Samba" and version "3.0.23c"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23d Search vendor "Samba" for product "Samba" and version "3.0.23d"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.24 Search vendor "Samba" for product "Samba" and version "3.0.24"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		pre1		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		pre2		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		rc1		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		rc2		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		rc3		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25a Search vendor "Samba" for product "Samba" and version "3.0.25a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25b Search vendor "Samba" for product "Samba" and version "3.0.25b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25c Search vendor "Samba" for product "Samba" and version "3.0.25c"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.26 Search vendor "Samba" for product "Samba" and version "3.0.26"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.26a Search vendor "Samba" for product "Samba" and version "3.0.26a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.27 Search vendor "Samba" for product "Samba" and version "3.0.27"		-		Affected