Lucene search

K

[email protected]CVE-2007-2444

HistoryMay 14, 2007 - 9:19 p.m.

CVE-2007-2444

2007-05-1421:19:00

CWE-269

[email protected]

web.nvd.nist.gov

43

2

cve-2007-2444

samba

vulnerability

smb

cifs

privilege escalation

nvd

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.529 Medium

EPSS

Percentile

97.6%

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

CPENameOperatorVersion
samba:sambasambaeq3.0.25
samba:sambasambaeq3.0.24
samba:sambasambaeq3.0.23d
debian:debian_linuxdebian debian linuxeq5.0
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06

References

h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980

lists.suse.com/archive/suse-security-announce/2007-May/0006.html

osvdb.org/34698

secunia.com/advisories/25232

secunia.com/advisories/25241

secunia.com/advisories/25246

secunia.com/advisories/25251

secunia.com/advisories/25255

secunia.com/advisories/25256

secunia.com/advisories/25259

secunia.com/advisories/25270

secunia.com/advisories/25289

secunia.com/advisories/25675

secunia.com/advisories/25772

security.gentoo.org/glsa/glsa-200705-15.xml

securityreason.com/securityalert/2701

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906

sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1

sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1

www.debian.org/security/2007/dsa-1291

www.mandriva.com/security/advisories?name=MDKSA-2007:104

www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html

www.samba.org/samba/security/CVE-2007-2444.html

www.securityfocus.com/archive/1/468548/100/0/threaded

www.securityfocus.com/archive/1/468670/100/0/threaded

www.securityfocus.com/bid/23974

www.securitytracker.com/id?1018049

www.trustix.org/errata/2007/0017/

www.ubuntu.com/usn/usn-460-1

www.ubuntu.com/usn/usn-460-2

www.vupen.com/english/advisories/2007/1805

www.vupen.com/english/advisories/2007/2210

www.vupen.com/english/advisories/2007/2281

issues.rpath.com/browse/RPL-1366

Social References

More

6.5 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.529 Medium

EPSS

Percentile

97.6%

Related for CVE-2007-2444

prion1 ubuntucve1 samba1 openvas48 nessus11 debiancve1 ubuntu2 securityvulns2 debian4 fedora2 gentoo1 slackware1 suse1 osv1 altlinux1 freebsd1