Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2007-4572
Last Modified: 13 Aug 2013 12:10:05
Published: 16 Nov 2007 01:46:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4572

Summary

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

Vulnerable Systems

Application

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.15

  • Samba 3.0.16

  • Samba 3.0.17

  • Samba 3.0.18

  • Samba 3.0.19

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.2a

  • Samba 3.0.3

  • Samba 3.0.4

  • Samba 3.0.5

  • Samba 3.0.6

  • Samba 3.0.7

  • Samba 3.0.8

  • Samba 3.0.9


References

CERT - TA07-352A

CONFIRM - http://us1.samba.org/samba/security/CVE-2007-4572.html

SECUNIA - 27450

FEDORA - FEDORA-2007-3402

CONFIRM - https://issues.rpath.com/browse/RPL-1894

XF - samba-nmbd-bo(38501)

HP - SSRT080075

VUPEN - ADV-2008-1908

VUPEN - ADV-2008-1712

VUPEN - ADV-2008-0859

VUPEN - ADV-2008-0064

VUPEN - ADV-2007-4238

VUPEN - ADV-2007-3869

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0001.html

UBUNTU - USN-544-1

UBUNTU - USN-617-1

UBUNTU - USN-544-2

BID - 26454

BUGTRAQ - 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

BUGTRAQ - 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

REDHAT - RHSA-2007:1017

REDHAT - RHSA-2007:1016

REDHAT - RHSA-2007:1013

SUSE - SUSE-SA:2007:065

MANDRIVA - MDKSA-2007:224

GENTOO - GLSA-200711-29

DEBIAN - DSA-1409

SUNALERT - 237764

SLACKWARE - SSA:2007-320-01

SECTRACK - 1018954

SECUNIA - 30835

SECUNIA - 30736

SECUNIA - 30484

SECUNIA - 29341

SECUNIA - 28368

SECUNIA - 28136

SECUNIA - 27927

SECUNIA - 27787

SECUNIA - 27731

SECUNIA - 27720

SECUNIA - 27701

SECUNIA - 27691

SECUNIA - 27682

SECUNIA - 27679

HP - SSRT071495

MLIST - [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

APPLE - APPLE-SA-2007-12-17

CONFIRM - http://docs.info.apple.com/article.html?artnum=307179

HP - HPSBUX02341

HP - HPSBUX02316

Related Patches

Apple 2007-12-17 Security Update 2007-009 (10.4.11 PPC)

Apple 2007-12-17 Security Update 2007-009 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 PPC)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 Universal)


Last Updated: 27 May 2016 11:02:30