Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6015

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-6015
Last Modified 08 Aug 2013 01:41:00
Published 13 Dec 2007 04:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6015

Summary

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Vulnerable Systems

Application

  • Samba 2.0.1

  • Samba 2.0.10

  • Samba 2.0.2

  • Samba 2.0.3

  • Samba 2.0.4

  • Samba 2.0.5

  • Samba 2.0.6

  • Samba 2.0.7

  • Samba 2.0.8

  • Samba 2.0.9

  • Samba 2.2.0

  • Samba 2.2.0a

  • Samba 2.2.11

  • Samba 2.2.12

  • Samba 2.2.1a

  • Samba 2.2.2

  • Samba 2.2.3

  • Samba 2.2.3a

  • Samba 2.2.4

  • Samba 2.2.5

  • Samba 2.2.6

  • Samba 2.2.7

  • Samba 2.2.7a

  • Samba 2.2.8

  • Samba 2.2.8a

  • Samba 2.2.9

  • Samba 3.0

  • Samba 3.0.0

  • Samba 3.0.1

  • Samba 3.0.10

  • Samba 3.0.11

  • Samba 3.0.12

  • Samba 3.0.13

  • Samba 3.0.14

  • Samba 3.0.14a

  • Samba 3.0.2

  • Samba 3.0.20

  • Samba 3.0.20a

  • Samba 3.0.20b

  • Samba 3.0.21

  • Samba 3.0.21a

  • Samba 3.0.21b

  • Samba 3.0.21c

  • Samba 3.0.22

  • Samba 3.0.23a

  • Samba 3.0.23b

  • Samba 3.0.23c

  • Samba 3.0.23d

  • Samba 3.0.24

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c

  • Samba 3.0.26

  • Samba 3.0.26a

  • Samba 3.0.27

  • Samba 3.0.2a


References

CERT - TA08-043B

CERT-VN - VU#438395

BUGTRAQ - 20071210 [SECURITY] Buffer overrun in send_mailslot()

CONFIRM - http://www.samba.org/samba/security/CVE-2007-6015.html

REDHAT - RHSA-2007:1114

FEDORA - FEDORA-2007-4275

FEDORA - FEDORA-2007-4269

CONFIRM - https://issues.rpath.com/browse/RPL-1976

XF - samba-sendmailslot-bo(38965)

HP - SSRT080075

VUPEN - ADV-2008-1908

VUPEN - ADV-2008-1712

VUPEN - ADV-2008-0859

VUPEN - ADV-2008-0637

VUPEN - ADV-2008-0495

VUPEN - ADV-2007-4153

UBUNTU - USN-556-1

SECTRACK - 1019065

BID - 26791

BUGTRAQ - 20071214 POC for samba send_mailslot()

BUGTRAQ - 20071210 rPSA-2007-0261-1 samba samba-swat

BUGTRAQ - 20071210 Secunia Research: Samba "send_mailslot()" Buffer OverflowVulnerability

REDHAT - RHSA-2007:1117

SUSE - SUSE-SA:2007:068

MANDRIVA - MDKSA-2007:244

DEBIAN - DSA-1427

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm

SUNALERT - 1019295

SLACKWARE - SSA:2007-344-01

GENTOO - GLSA-200712-10

MISC - http://secunia.com/secunia_research/2007-99/advisory/

SECUNIA - 30835

SECUNIA - 28089

SECUNIA - 28067

SECUNIA - 28037

SECUNIA - 28029

SECUNIA - 28028

SECUNIA - 28003

SECUNIA - 27999

SECUNIA - 27993

SECUNIA - 27977

SECUNIA - 27894

SECUNIA - 27760

HP - HPSBUX02316

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=200773

BUGTRAQ - 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

SUNALERT - 238251

SREASON - 3438

SECUNIA - 30484

SECUNIA - 29341

SECUNIA - 29032

SECUNIA - 28891

MLIST - [Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

APPLE - APPLE-SA-2008-02-11

CONFIRM - http://docs.info.apple.com/article.html?artnum=307430

HP - HPSBUX02341

HP - SSRT071495

Related Patches

Apple 2007-12-17 Security Update 2007-009 (10.4.11 Universal)

Apple 2008-02-11 Security Update 2008-001 (PPC)

Apple 2008-02-11 Mac OS X Server 10.5.2 Combo Update

Apple 2008-02-11 Mac OS X 10.5.2 Combo Update (Rev 2)


Last Updated: 27 May 2016 10:47:27