Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).

OSVersionArchitecturePackageVersionFilename
Debian12allsamba< 3.0.25-1samba_3.0.25-1_all.deb
Debian11allsamba< 3.0.25-1samba_3.0.25-1_all.deb
Debian10allsamba< 3.0.25-1samba_3.0.25-1_all.deb
Debian999allsamba< 3.0.25-1samba_3.0.25-1_all.deb
Debian13allsamba< 3.0.25-1samba_3.0.25-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	samba	< 3.0.25-1	samba_3.0.25-1_all.deb
Debian	11	all	samba	< 3.0.25-1	samba_3.0.25-1_all.deb
Debian	10	all	samba	< 3.0.25-1	samba_3.0.25-1_all.deb
Debian	999	all	samba	< 3.0.25-1	samba_3.0.25-1_all.deb
Debian	13	all	samba	< 3.0.25-1	samba_3.0.25-1_all.deb

canvas 2

packetstorm 4

nessus 20

securityvulns 8

zdi 5

checkpoint_advisories 4

saint 4

prion 1

ubuntucve 1

cert 1

cve 1

samba 1

openvas 53

oraclelinux 1

redhat 1

debian 6

centos 2

suse 1

osv 1

fedora 2

slackware 1

gentoo 1

ubuntu 1

altlinux 1

freebsd 1

vmware 1

seebug 1

canvas

Immunity Canvas: ASUS_SAMBA

2007-05-14 17:19:00

Immunity Canvas: SOLARIS_SAMBA

2007-05-14 21:19:00

packetstorm

lsa_transnames_heap-osx.rb.txt

2007-07-26 00:00:00

lsa_transnames_heap-linux.rb.txt

2007-07-26 00:00:00

Samba lsa_io_trans_names Heap Overflow

2009-10-27 00:00:00

nessus

Samba NDR MS-RPC Request Heap-Based Remote Buffer Overflow

2007-05-15 00:00:00

openSUSE 10 Security Update : samba (samba-3349)

2007-10-17 00:00:00

RHEL 4 / 5 : samba (RHSA-2007:0354)

2007-05-16 00:00:00

securityvulns

ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability

2007-05-16 00:00:00

ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability

2007-05-16 00:00:00

ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability

2007-05-16 00:00:00

zdi

Samba sec_io_acl Heap Overflow Vulnerability

2007-07-11 00:00:00

Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability

2007-07-11 00:00:00

Samba smb_io_notify_option_type_data Heap Overflow Vulnerability

2007-07-11 00:00:00

checkpoint_advisories

Samba NetDFS RPC netdfs_io_dfs_EnumInfo_d Handling Heap Overflow (CVE-2007-2446)

2007-06-17 00:00:00

Samba SPOOLSS smb_io_notify_option_type_data Request Buffer Overflow (CVE-2007-2446)

2010-09-16 00:00:00

Samba LSA RPC lsa_io_trans_names Request Handling Heap Overflow (CVE-2007-2446)

2010-09-16 00:00:00

saint

Samba lsa_io_trans_names buffer overflow

2007-12-24 00:00:00

Samba lsa_io_trans_names buffer overflow

2007-12-24 00:00:00

Samba lsa_io_trans_names buffer overflow

2007-12-24 00:00:00

prion

Heap overflow

2007-05-14 21:19:00

ubuntucve

CVE-2007-2446

2007-05-14 00:00:00

cert

Samba NDR MS-RPC heap buffer overflow

2007-05-14 00:00:00

cve

CVE-2007-2446

2007-05-14 21:19:00

samba

Multiple Heap Overflows Allow Remote

2007-05-14 00:00:00

openvas

Samba 3.0.0 <= 3.0.25rc3 Remote Code Execution Vulnerability (CVE-2007-2446)

2021-09-24 00:00:00

SLES9: Security update for Samba

2009-10-10 00:00:00

Debian Security Advisory DSA 1291-2 (samba)

2008-01-17 00:00:00

oraclelinux

Critical: samba security update

2007-05-14 00:00:00

redhat

(RHSA-2007:0354) Critical: samba security update

2007-05-14 00:00:00

debian

[SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities

2007-05-17 12:29:25

[SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities

2007-05-17 12:29:25

[SECURITY] [DSA 1291-3] New samba packages fix regression

2007-05-21 19:12:31

centos

samba security update

2007-05-14 17:11:04

samba security update

2007-05-14 23:38:47

suse

remote code execution in samba

2007-05-22 14:13:43

osv

samba

2007-05-15 00:00:00

fedora

[SECURITY] Fedora Core 6 Update: samba-3.0.24-5.fc6

2007-05-14 17:22:17

[SECURITY] Fedora Core 5 Update: samba-3.0.24-5.fc5

2007-05-14 17:21:19

slackware

[slackware-security] samba

2007-05-15 03:03:31

gentoo

Samba: Multiple vulnerabilities

2007-05-15 00:00:00

ubuntu

Samba vulnerabilities

2007-05-16 00:00:00

altlinux

Security fix for the ALT Linux 5 package samba version 3.0.25-alt1

2007-05-14 00:00:00

freebsd

samba -- multiple vulnerabilities

2007-05-14 00:00:00

vmware

Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam, gcc, and gdb packages.

2007-09-18 00:00:00

seebug

Mac OS X 2007-007更新修复多个安全漏洞

2007-08-02 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON

Related for DEBIANCVE:CVE-2007-2446