ID A63B15F9-97FF-11DC-9E48-0016179B2DD5 Type freebsd Reporter FreeBSD Modified 2008-09-26T00:00:00
Description
The Samba Team reports:
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd. This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.
Samba developers have discovered what is believed to be
a non-exploitable buffer over in nmbd during the processing
of GETDC logon server requests. This code is only used
when the Samba server is configured as a Primary or Backup
Domain Controller.
{"modified": "2008-09-26T00:00:00", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "edition": 1, "type": "freebsd", "reporter": "FreeBSD", "references": ["http://secunia.com/advisories/27450/", "http://us1.samba.org/samba/security/CVE-2007-4572.html", "http://us1.samba.org/samba/security/CVE-2007-5398.html"], "hashmap": [{"hash": "dfd9923a1f0ea00aa10b4e89e7d1d3dd", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "0bd9445b9ea06d089b30ba6386e38131", "key": "cvelist"}, {"hash": "2076413bdcb42307d016f5286cbae795", "key": "cvss"}, {"hash": "1525d9b2dcc8d2b0222d9ed6ac385616", "key": "description"}, {"hash": "746303c29881508f8dffc98ba222e78e", "key": "href"}, {"hash": "db15acddffb33bea34f299b640358799", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "fc3408f5e85e4b20631c1a227d5b8d96", "key": "published"}, {"hash": "e66b3ea7c65bab4159c5db4e6f6a77b8", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "57f7244e66e427226d7c7efe9d80bdf3", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "href": "https://vuxml.freebsd.org/freebsd/a63b15f9-97ff-11dc-9e48-0016179b2dd5.html", "description": "\nThe Samba Team reports:\n\nSecunia Research reported a vulnerability that allows for\n\t the execution of arbitrary code in nmbd. This defect may\n\t only be exploited when the \"wins support\" parameter has\n\t been enabled in smb.conf.\n\n\nSamba developers have discovered what is believed to be\n\t a non-exploitable buffer over in nmbd during the processing\n\t of GETDC logon server requests. This code is only used\n\t when the Samba server is configured as a Primary or Backup\n\t Domain Controller.\n\n", "id": "A63B15F9-97FF-11DC-9E48-0016179B2DD5", "lastseen": "2016-09-26T17:24:59", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "hash": "f451f2a8ec87c6264d6bc66dba15f91215dd2d92288d5c47003d6bd704cae250", "enchantments": {"vulnersScore": 7.5}, "bulletinFamily": "unix", "history": [], "published": "2007-11-15T00:00:00", "objectVersion": "1.2", "affectedPackage": [{"packageFilename": "UNKNOWN", "operator": "lt", "packageVersion": "3.0.26a", "OS": "FreeBSD", "packageName": "samba3", "OSVersion": "any", "arch": "noarch"}, {"packageFilename": "UNKNOWN", "operator": "lt", "packageVersion": "3.0.26a", "OS": "FreeBSD", "packageName": "samba", "OSVersion": "any", "arch": "noarch"}, {"packageFilename": "UNKNOWN", "operator": "lt", "packageVersion": "3.0.26a", "OS": "FreeBSD", "packageName": "ja-samba", "OSVersion": "any", "arch": "noarch"}], "title": "samba -- multiple vulnerabilities", "viewCount": 1}
{"result": {"cve": [{"id": "CVE-2007-4572", "type": "cve", "title": "CVE-2007-4572", "description": "Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.", "published": "2007-11-16T13:46:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4572", "cvelist": ["CVE-2007-4572"], "lastseen": "2017-09-29T14:25:29"}, {"id": "CVE-2007-5398", "type": "cve", "title": "CVE-2007-5398", "description": "Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.", "published": "2007-11-16T13:46:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5398", "cvelist": ["CVE-2007-5398"], "lastseen": "2017-09-29T14:25:33"}], "nessus": [{"id": "FEDORA_2007-3403.NASL", "type": "nessus", "title": "Fedora 8 : samba-3.0.27-0.fc8 (2007-3403)", "description": "Security Fixes :\n\n - CVE-2007-4572\n\n - CVE-2007-5398\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28256", "cvelist": ["CVE-2007-4572"], "lastseen": "2017-10-29T13:35:53"}, {"id": "SAMBA_3_0_27.NASL", "type": "nessus", "title": "Samba < 3.0.27 Multiple Vulnerabilities", "description": "According to its banner, the version of the Samba server on the remote host contains a boundary error in the 'reply_netbios_packet()' function in 'nmbd/nmbd_packets.c' when sending NetBIOS replies.\nProvided the server is configured to run as a WINS server, a remote attacker can exploit this issue by sending multiple specially crafted WINS 'Name Registration' requests followed by a WINS 'Name Query' request, leading to a stack-based buffer overflow. This could also allow for the execution of arbitrary code.\n\nThere is also a stack buffer overflow in nmbd's logon request processing code that can be triggered by means of specially crafted GETDC mailslot requests when the affected server is configured as a Primary or Backup Domain Controller. Note that the Samba security team currently does not believe this particular issue can be exploited to execute arbitrary code remotely.", "published": "2007-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28228", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-10-29T13:35:21"}, {"id": "ORACLELINUX_ELSA-2007-1013.NASL", "type": "nessus", "title": "Oracle Linux 3 : samba (ELSA-2007-1013)", "description": "From Red Hat Security Advisory 2007:1013 :\n\nUpdated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files, printers, and other information.\n\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies. If a Samba server is configured to run as a WINS server, a remote unauthenticated user could cause the Samba server to crash or execute arbitrary code. (CVE-2007-5398)\n\nA heap-based buffer overflow flaw was found in the way Samba authenticates users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash. Careful analysis of this flaw has determined that arbitrary code execution is not possible, and under most circumstances will not result in a crash of the Samba server. (CVE-2007-4572)\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba developers for responsibly disclosing these issues.\n\nUsers of Samba are advised to ugprade to these updated packages, which contain backported patches to resolve these issues.", "published": "2013-07-12T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67596", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-10-29T13:40:03"}, {"id": "SL_20071210_SAMBA_ON_SL5_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : samba on SL5.x, SL4.x, SL3.x i386/x86_64", "description": "A stack-based buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.\n(CVE-2007-6015)\n\nThis update also fixes a regression caused by the fix for CVE-2007-4572, which prevented some clients from being able to properly access shares.", "published": "2012-08-01T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=60328", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2017-10-29T13:44:54"}, {"id": "FEDORA_2007-3402.NASL", "type": "nessus", "title": "Fedora 7 : samba-3.0.27-0.fc7 (2007-3402)", "description": "Security Fixes :\n\n - CVE-2007-4572\n\n - CVE-2007-5398\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28229", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-10-29T13:45:54"}, {"id": "UBUNTU_USN-617-2.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : samba regression (USN-617-2)", "description": "USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nSamba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)\n\nAlin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. (CVE-2008-1105).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-07-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=33388", "cvelist": ["CVE-2007-4572", "CVE-2008-1105"], "lastseen": "2017-10-29T13:40:25"}, {"id": "SUSE_CIFS-MOUNT-4740.NASL", "type": "nessus", "title": "openSUSE 10 Security Update : cifs-mount (cifs-mount-4740)", "description": "This update fixes two buffer overflows in nmbd (CVE-2007-4572, CVE-2007-5398). Remote attackers could potentially exploit them to execute arbitrary code.\n\nThe updated packages additionally contain fixes for numerous other defects. Please refer to the package changelog for details.", "published": "2007-11-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28370", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-10-29T13:35:46"}, {"id": "CENTOS_RHSA-2007-1114.NASL", "type": "nessus", "title": "CentOS 3 / 4 / 5 : samba (CESA-2007:1114)", "description": "Updated samba packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files, printers, and other information.\n\nA stack-based buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.\n(CVE-2007-6015)\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.\n\nThis update also fixes a regression caused by the fix for CVE-2007-4572, which prevented some clients from being able to properly access shares.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.", "published": "2007-12-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29256", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2018-06-29T05:25:32"}, {"id": "UBUNTU_USN-544-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : samba vulnerabilities (USN-544-1)", "description": "Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)\n\nAlin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.\n(CVE-2007-5398).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2007-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=28251", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-10-29T13:33:12"}, {"id": "REDHAT-RHSA-2007-1114.NASL", "type": "nessus", "title": "RHEL 2.1 / 3 / 4 / 5 : samba (RHSA-2007:1114)", "description": "Updated samba packages that fix a security issue and a bug are now available for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nSamba is a suite of programs used by machines to share files, printers, and other information.\n\nA stack-based buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.\n(CVE-2007-6015)\n\nRed Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.\n\nThis update also fixes a regression caused by the fix for CVE-2007-4572, which prevented some clients from being able to properly access shares.\n\nUsers of Samba are advised to upgrade to these updated packages, which contain a backported patch to resolve these issues.", "published": "2007-12-11T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=29303", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2017-10-29T13:33:50"}], "osvdb": [{"id": "OSVDB:39180", "type": "osvdb", "title": "Samba nmbd Crafted GETDC mailslot Request Remote Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml\nVendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=307179</a>\nVendor Specific News/Changelog Entry: https://issues.rpath.com/browse/RPL-1894</a>\nVendor Specific News/Changelog Entry: http://us1.samba.org/samba/security/CVE-2007-4572.html</a>\n[Vendor Specific Advisory URL](http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00003.html)\n[Vendor Specific Advisory URL](http://lists.vmware.com/pipermail/security-announce/2008/000002.html)\nSecurity Tracker: 1018954\n[Secunia Advisory ID:27450](https://secuniaresearch.flexerasoftware.com/advisories/27450/)\n[Secunia Advisory ID:27742](https://secuniaresearch.flexerasoftware.com/advisories/27742/)\n[Secunia Advisory ID:27720](https://secuniaresearch.flexerasoftware.com/advisories/27720/)\n[Secunia Advisory ID:28136](https://secuniaresearch.flexerasoftware.com/advisories/28136/)\n[Secunia Advisory ID:27691](https://secuniaresearch.flexerasoftware.com/advisories/27691/)\n[Secunia Advisory ID:27682](https://secuniaresearch.flexerasoftware.com/advisories/27682/)\n[Secunia Advisory ID:27701](https://secuniaresearch.flexerasoftware.com/advisories/27701/)\n[Secunia Advisory ID:27731](https://secuniaresearch.flexerasoftware.com/advisories/27731/)\n[Secunia Advisory ID:27787](https://secuniaresearch.flexerasoftware.com/advisories/27787/)\n[Secunia Advisory ID:27927](https://secuniaresearch.flexerasoftware.com/advisories/27927/)\n[Secunia Advisory ID:27679](https://secuniaresearch.flexerasoftware.com/advisories/27679/)\n[Secunia Advisory ID:28368](https://secuniaresearch.flexerasoftware.com/advisories/28368/)\n[Related OSVDB ID: 1016820](https://vulners.com/osvdb/OSVDB:1016820)\n[Related OSVDB ID: 39179](https://vulners.com/osvdb/OSVDB:39179)\nRedHat RHSA: RHSA-2007:1016\nRedHat RHSA: RHSA-2007:1017\nRedHat RHSA: RHSA-2007:1013\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1409\nOther Advisory URL: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-544-1\nOther Advisory URL: http://www.ubuntu.com/usn/usn-544-2\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-544-1\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_65_samba.html\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-November/000276.html\nOther Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2007:224\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-11/0218.html\nISS X-Force ID: 38501\nFrSIRT Advisory: ADV-2007-3869\nFrSIRT Advisory: ADV-2007-4238\n[CVE-2007-4572](https://vulners.com/cve/CVE-2007-4572)\nCERT: TA07-352A\nBugtraq ID: 26454\n", "published": "2007-11-15T14:18:18", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:39180", "cvelist": ["CVE-2007-4572"], "lastseen": "2017-04-28T13:20:35"}, {"id": "OSVDB:39179", "type": "osvdb", "title": "Samba nmbd nmbd/nmbd_packets.c reply_netbios_packet Function Remote Overflow", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=307179</a>\nVendor Specific News/Changelog Entry: https://issues.rpath.com/browse/RPL-1894</a>\nVendor Specific News/Changelog Entry: http://us1.samba.org/samba/security/CVE-2007-5398.html</a>\n[Vendor Specific Advisory URL](http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00003.html)\n[Vendor Specific Advisory URL](http://lists.vmware.com/pipermail/security-announce/2008/000002.html)\nSecurity Tracker: 1018953\n[Secunia Advisory ID:27450](https://secuniaresearch.flexerasoftware.com/advisories/27450/)\n[Secunia Advisory ID:27742](https://secuniaresearch.flexerasoftware.com/advisories/27742/)\n[Secunia Advisory ID:27720](https://secuniaresearch.flexerasoftware.com/advisories/27720/)\n[Secunia Advisory ID:28136](https://secuniaresearch.flexerasoftware.com/advisories/28136/)\n[Secunia Advisory ID:27691](https://secuniaresearch.flexerasoftware.com/advisories/27691/)\n[Secunia Advisory ID:27682](https://secuniaresearch.flexerasoftware.com/advisories/27682/)\n[Secunia Advisory ID:27701](https://secuniaresearch.flexerasoftware.com/advisories/27701/)\n[Secunia Advisory ID:27731](https://secuniaresearch.flexerasoftware.com/advisories/27731/)\n[Secunia Advisory ID:27787](https://secuniaresearch.flexerasoftware.com/advisories/27787/)\n[Secunia Advisory ID:27927](https://secuniaresearch.flexerasoftware.com/advisories/27927/)\n[Secunia Advisory ID:27679](https://secuniaresearch.flexerasoftware.com/advisories/27679/)\n[Secunia Advisory ID:28368](https://secuniaresearch.flexerasoftware.com/advisories/28368/)\n[Related OSVDB ID: 39180](https://vulners.com/osvdb/OSVDB:39180)\n[Related OSVDB ID: 1017399](https://vulners.com/osvdb/OSVDB:1017399)\nRedHat RHSA: RHSA-2007:1016\nRedHat RHSA: RHSA-2007:1017\nRedHat RHSA: RHSA-2007:1013\nOther Advisory URL: http://www.debian.org/security/2007/dsa-1409\nOther Advisory URL: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-544-1\nOther Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html\nOther Advisory URL: http://www.ubuntu.com/usn/usn-544-1\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml\nOther Advisory URL: http://secunia.com/secunia_research/2007-90/advisory/\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2007_65_samba.html\nOther Advisory URL: http://securityreason.com/securityalert/3372\nOther Advisory URL: http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:224\nOther Advisory URL: http://lists.rpath.com/pipermail/security-announce/2007-November/000276.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-11/0219.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-11/0220.html\nISS X-Force ID: 38502\nFrSIRT Advisory: ADV-2007-3869\nFrSIRT Advisory: ADV-2007-4238\n[CVE-2007-5398](https://vulners.com/cve/CVE-2007-5398)\nCERT: TA07-352A\nBugtraq ID: 26455\n", "published": "2007-11-15T14:18:18", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:39179", "cvelist": ["CVE-2007-5398"], "lastseen": "2017-04-28T13:20:35"}], "samba": [{"id": "SAMBA:CVE-2007-4572", "type": "samba", "title": "Stack buffer overflow in nmbd's logon request processing. ", "description": "Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller.", "published": "2007-11-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.samba.org/samba/security/CVE-2007-4572.html", "cvelist": ["CVE-2007-4572"], "lastseen": "2016-09-26T20:38:58"}, {"id": "SAMBA:CVE-2007-5398", "type": "samba", "title": "Remote code execution in Samba's WINS server daemon (nmbd) when processing name registration followed name query requests. ", "description": "Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf.", "published": "2007-11-15T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.samba.org/samba/security/CVE-2007-5398.html", "cvelist": ["CVE-2007-5398"], "lastseen": "2016-09-26T20:38:58"}], "seebug": [{"id": "SSV:2434", "type": "seebug", "title": "Samba NMBD\u767b\u5f55\u8bf7\u6c42\u8fdc\u7a0b\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 26454\r\nCVE(CAN) ID: CVE-2007-4572\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\nSamba\u7684nmbd\u5728\u5904\u7406GETDC\u767b\u5f55\u670d\u52a1\u5668\u8bf7\u6c42\u65f6\u5b58\u5728\u7f13\u51b2\u5668\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u53ef\u80fd\u5bfc\u81f4\u975e\u9884\u671f\u7684\u670d\u52a1\u5668\u884c\u4e3a\u3002\r\n\r\n\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u53d1\u9001\u4e86\u7578\u5f62\u7684GETDC\u8bf7\u6c42\u7684\u8bdd\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6f0f\u6d1e\uff0c\u4f46\u65e0\u6cd5\u5229\u7528\u8fd9\u4e2a\u6ea2\u51fa\u6267\u884c\u4efb\u610f\u6307\u4ee4\uff0c\u5728\u5927\u591a\u6570\u60c5\u51b5\u4e0b\u4e5f\u4e0d\u4f1a\u5bfc\u81f4Samba\u670d\u52a1\u5668\u5d29\u6e83\u3002\u4ec5\u5728\u5c06Samba\u670d\u52a1\u5668\u914d\u7f6e\u4e3a\u4e3b\u6216\u5907\u4efd\u57df\u63a7\u5236\u5668\u65f6\u624d\u4f1a\u51fa\u73b0\u8fd9\u4e2a\u6f0f\u6d1e\u3002\r\n\r\n\n\nSamba 3.0.0 - 3.0.26a\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u5728\u670d\u52a1\u5668\u7684smb.conf\u6587\u4ef6\u4e2d\u7981\u7528domain logons\u548cdomain master\u9009\u9879\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\uff08RHSA-2007:1017-01\u3001RHSA-2007:1016-01\u3001RHSA-2007:1013-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2007:1017-01\uff1aCritical: samba security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2007-1017.html\" target=\"_blank\">https://www.redhat.com/support/errata/RHSA-2007-1017.html</a>\r\n\r\nRHSA-2007:1016-01\uff1aCritical: samba security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2007-1016.html\" target=\"_blank\">https://www.redhat.com/support/errata/RHSA-2007-1016.html</a>\r\n\r\nRHSA-2007:1013-01\uff1aCritical: samba security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2007-1013.html\" target=\"_blank\">https://www.redhat.com/support/errata/RHSA-2007-1013.html</a>\r\n\r\nSamba\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://us1.samba.org/samba/ftp/patches/security/samba-3.0.26a-CVE-2007_-4572.patch\" target=\"_blank\">http://us1.samba.org/samba/ftp/patches/security/samba-3.0.26a-CVE-2007_-4572.patch</a>", "published": "2007-11-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-2434", "cvelist": ["CVE-2007-4572"], "lastseen": "2017-11-19T21:54:49"}, {"id": "SSV:2435", "type": "seebug", "title": "Samba nmbd_packets.c NetBIOS\u56de\u590d\u6808\u6ea2\u51fa\u6f0f\u6d1e", "description": "BUGTRAQ ID: 26455\r\nCVE(CAN) ID: CVE-2007-5398\r\n\r\nSamba\u662f\u4e00\u5957\u5b9e\u73b0SMB\uff08Server Messages Block\uff09\u534f\u8bae\u3001\u8de8\u5e73\u53f0\u8fdb\u884c\u6587\u4ef6\u5171\u4eab\u548c\u6253\u5370\u5171\u4eab\u670d\u52a1\u7684\u7a0b\u5e8f\u3002\r\n\r\nSamba\u7684nmbd/nmbd_packets.c\u6587\u4ef6\u4e2d\u7684reply_netbios_packet()\u51fd\u6570\u5728\u53d1\u9001NetBIOS\u56de\u590d\u65f6\u5b58\u5728\u6808\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u670d\u52a1\u5668\u3002\r\n\r\n\u5982\u679c\u5ba2\u6237\u7aef\u53d1\u9001\u4e86\u591a\u4e2a\u7279\u5236\u7684WINS \u201cName Registration\u201d\u8bf7\u6c42\u5e76\u8ddf\u968f\u6709WINS \u201cName Query\u201d\u8bf7\u6c42\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\u4f46\u5229\u7528\u8fd9\u4e2a\u6f0f\u6d1e\u8981\u6c42\u5c06Samba\u914d\u7f6e\u4e3a\u7528\u4f5cWINS\u670d\u52a1\u5668\uff0c\u4e5f\u5c31\u662f\u542f\u7528\u4e86wins\u652f\u6301\u9009\u9879\u3002\r\n\r\n\n\nSamba Samba 3.0.0 - 3.0.26a\n \u4e34\u65f6\u89e3\u51b3\u65b9\u6cd5\uff1a\r\n\r\n* \u5728\u670d\u52a1\u5668\u7684smb.conf\u6587\u4ef6\u4e2d\u7981\u7528wins support\u529f\u80fd\u3002\r\n\r\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nRedHat\r\n------\r\nRedHat\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\uff08RHSA-2007:1017-01\u3001RHSA-2007:1016-01\u3001RHSA-2007:1013-01\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nRHSA-2007:1017-01\uff1aCritical: samba security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2007-1017.html\" target=\"_blank\">https://www.redhat.com/support/errata/RHSA-2007-1017.html</a>\r\n\r\nRHSA-2007:1016-01\uff1aCritical: samba security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2007-1016.html\" target=\"_blank\">https://www.redhat.com/support/errata/RHSA-2007-1016.html</a>\r\n\r\nRHSA-2007:1013-01\uff1aCritical: samba security update\r\n\u94fe\u63a5\uff1a<a href=\"https://www.redhat.com/support/errata/RHSA-2007-1013.html\" target=\"_blank\">https://www.redhat.com/support/errata/RHSA-2007-1013.html</a>\r\n\r\nSamba\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=\"http://us1.samba.org/samba/ftp/stable/samba-3.0.27.tar.gz\" target=\"_blank\">http://us1.samba.org/samba/ftp/stable/samba-3.0.27.tar.gz</a>", "published": "2007-11-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.seebug.org/vuldb/ssvid-2435", "cvelist": ["CVE-2007-5398"], "lastseen": "2017-11-19T21:55:02"}], "debian": [{"id": "DSA-1409", "type": "debian", "title": "samba -- several vulnerabilities", "description": "This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below:\n\n> Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. The Common Vulnerabilities and Exposures project identifies the following problems:\n> \n> * [CVE-2007-5398](<https://security-tracker.debian.org/tracker/CVE-2007-5398>)\n> \n> Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.\n> \n> * [CVE-2007-4572](<https://security-tracker.debian.org/tracker/CVE-2007-4572>)\n> \n> Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.\n\nFor the old stable distribution (sarge), these problems have been fixed in version 3.0.14a-3sarge10.\n\nFor the stable distribution (etch), these problems have been fixed in version 3.0.24-6etch8.\n\nFor the unstable distribution (sid), these problems have been fixed in version 3.0.27-1.\n\nWe recommend that you upgrade your samba packages.", "published": "2007-11-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-1409", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2016-09-02T18:33:58"}], "slackware": [{"id": "SSA-2007-320-01", "type": "slackware", "title": "samba", "description": "New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0,\nand -current to fix security issues.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398\n\n\nHere are the details from the Slackware 12.0 ChangeLog:\n\npatches/packages/samba-3.0.27-i486-1_slack12.0.tgz:\n Upgraded to samba-3.0.27.\n Samba 3.0.27 is a security release in order to address a stack buffer\n overflow in nmbd's logon request processing, and remote code execution in\n Samba's WINS server daemon (nmbd) when processing name registration followed\n name query requests.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/samba-3.0.27-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/samba-3.0.27-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/samba-3.0.27-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/samba-3.0.27-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/samba-3.0.27-i486-1_slack12.0.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.27-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 10.0 package:\nf45e9c4f7dca31a0e7d54750c41ed7cb samba-3.0.27-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\nf720d064e49e2eb076b651d4711214b7 samba-3.0.27-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\ncfbfa85b36bab92cd2c4c7533d893789 samba-3.0.27-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n56c4e1b1556a551438b752bc333b87a2 samba-3.0.27-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n83eb1ee443157b74aae38ea82e11220e samba-3.0.27-i486-1_slack12.0.tgz\n\nSlackware -current package:\n3d151739e88c3df03e23c07af60389fd samba-3.0.27-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg samba-3.0.27-i486-1.tgz\n\nThen, restart Samba: \n > /etc/rc.d/rc.samba restart", "published": "2007-11-16T17:28:32", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2018-02-02T18:11:39"}], "ubuntu": [{"id": "USN-617-2", "type": "ubuntu", "title": "Samba regression", "description": "USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nSamba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)\n\nAlin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. (CVE-2008-1105)", "published": "2008-06-30T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/617-2/", "cvelist": ["CVE-2007-4572", "CVE-2008-1105"], "lastseen": "2018-03-29T18:20:33"}, {"id": "USN-544-2", "type": "ubuntu", "title": "Samba regression", "description": "USN-544-1 fixed two vulnerabilities in Samba. Fixes for CVE-2007-5398 are unchanged, but the upstream changes for CVE-2007-4572 introduced a regression in all releases which caused Linux smbfs mounts to fail. Additionally, Dapper and Edgy included an incomplete patch which caused configurations using NetBIOS to fail. A proper fix for these regressions does not exist at this time, and so the patch addressing CVE-2007-4572 has been removed. This vulnerability is believed to be an unexploitable denial of service, but a future update will address this issue. We apologize for the inconvenience.\n\nOriginal advisory details:\n\nSamba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)\n\nAlin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. (CVE-2007-5398)", "published": "2007-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/544-2/", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2018-03-29T18:19:25"}, {"id": "USN-544-1", "type": "ubuntu", "title": "Samba vulnerabilities", "description": "Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)\n\nAlin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. (CVE-2007-5398)", "published": "2007-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/544-1/", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2018-03-29T18:19:34"}, {"id": "USN-617-1", "type": "ubuntu", "title": "Samba vulnerabilities", "description": "Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572)\n\nAlin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code. (CVE-2008-1105)", "published": "2008-06-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/617-1/", "cvelist": ["CVE-2007-4572", "CVE-2008-1105"], "lastseen": "2018-03-29T18:18:28"}], "suse": [{"id": "SUSE-SA:2007:065", "type": "suse", "title": "remote code execution in samba", "description": "The samba-suite is an open-source implementation of the SMB protocol. CVE-2007-5398: Secunia Research has reported a bug in function reply_netbios_packet() that allowed remote attackers to execute arbitrary code by sending specially crafted WINS \"Name Registration\" requests followed by a WINS \"Name Query\" request packet. The exploitable code in samba can only be reached if the option \"wins support\" was enabled. CVE-2007-4572: Another bug reported by Secunia Research affected the processing of GETDC mailslot request in nmbd. This error can also be exploited remotely to execute arbitrary code, but only if samba was configured as Primary or Backup Domain Controller.\n#### Solution\nPlease install the provided samba update packages.", "published": "2007-12-05T16:05:59", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00003.html", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2016-09-04T11:46:39"}], "openvas": [{"id": "OPENVAS:59249", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200711-29 (samba)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200711-29.", "published": "2008-09-24T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=59249", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-07-24T12:50:19"}, {"id": "OPENVAS:1361412562310830106", "type": "openvas", "title": "Mandriva Update for samba MDKSA-2007:224-1 (samba)", "description": "Check for the Version of samba", "published": "2009-04-09T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830106", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2018-04-09T11:41:08"}, {"id": "OPENVAS:1361412562310880322", "type": "openvas", "title": "CentOS Update for samba CESA-2007:1114-01 centos2 i386", "description": "Check for the Version of samba", "published": "2009-02-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880322", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2018-04-09T11:41:13"}, {"id": "OPENVAS:59236", "type": "openvas", "title": "Debian Security Advisory DSA 1409-1 (samba)", "description": "The remote host is missing an update to samba\nannounced via advisory DSA 1409-1.", "published": "2008-01-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=59236", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-07-24T12:49:51"}, {"id": "OPENVAS:861518", "type": "openvas", "title": "Fedora Update for samba FEDORA-2007-751", "description": "Check for the Version of samba", "published": "2009-02-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861518", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-07-25T10:56:43"}, {"id": "OPENVAS:59917", "type": "openvas", "title": "Debian Security Advisory DSA 1409-3 (samba)", "description": "The remote host is missing an update to samba\nannounced via advisory DSA 1409-3.", "published": "2008-01-17T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=59917", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-07-24T12:50:23"}, {"id": "OPENVAS:861247", "type": "openvas", "title": "Fedora Update for samba FEDORA-2007-3402", "description": "Check for the Version of samba", "published": "2009-02-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861247", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-07-25T10:56:12"}, {"id": "OPENVAS:840293", "type": "openvas", "title": "Ubuntu Update for samba regression USN-617-2", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-617-2", "published": "2009-03-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840293", "cvelist": ["CVE-2007-4572", "CVE-2008-1105"], "lastseen": "2017-12-04T11:29:40"}, {"id": "OPENVAS:1361412562310870186", "type": "openvas", "title": "RedHat Update for samba RHSA-2007:1114-01", "description": "Check for the Version of samba", "published": "2009-03-06T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870186", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2018-04-09T11:41:21"}, {"id": "OPENVAS:861418", "type": "openvas", "title": "Fedora Update for samba FEDORA-2007-3403", "description": "Check for the Version of samba", "published": "2009-02-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861418", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-07-25T10:56:19"}], "centos": [{"id": "CESA-2007:1114-01", "type": "centos", "title": "samba security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:1114-01\n\n\nSamba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA stack buffer overflow flaw was found in the way Samba authenticates\r\nremote users. A remote unauthenticated user could trigger this flaw to\r\ncause the Samba server to crash, or execute arbitrary code with the\r\npermissions of the Samba server. (CVE-2007-6015)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\r\nresponsibly disclosing this issue.\r\n\r\nThis update also fixes a regression caused by the fix for CVE-2007-4572,\r\nwhich prevented some clients from being able to properly access shares.\r\n\r\nUsers of Samba are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014501.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2007-12-11T01:23:47", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/014501.html", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2017-10-12T14:46:06"}, {"id": "CESA-2007:1013-01", "type": "centos", "title": "samba security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:1013-01\n\n\nSamba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap-based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba\r\ndevelopers for responsibly disclosing these issues.\r\n\r\nUsers of Samba are advised to ugprade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014441.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2007-11-15T23:26:10", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/014441.html", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-10-12T14:46:08"}, {"id": "CESA-2007:1114", "type": "centos", "title": "samba security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:1114\n\n\nSamba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA stack buffer overflow flaw was found in the way Samba authenticates\r\nremote users. A remote unauthenticated user could trigger this flaw to\r\ncause the Samba server to crash, or execute arbitrary code with the\r\npermissions of the Samba server. (CVE-2007-6015)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\r\nresponsibly disclosing this issue.\r\n\r\nThis update also fixes a regression caused by the fix for CVE-2007-4572,\r\nwhich prevented some clients from being able to properly access shares.\r\n\r\nUsers of Samba are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014490.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014492.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014494.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014495.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014498.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014499.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014503.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-December/014504.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1114.html", "published": "2007-12-10T19:26:24", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-December/014490.html", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2017-10-12T14:44:54"}, {"id": "CESA-2007:1013", "type": "centos", "title": "samba security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:1013\n\n\nSamba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap-based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba\r\ndevelopers for responsibly disclosing these issues.\r\n\r\nUsers of Samba are advised to ugprade to these updated packages, which\r\ncontain backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014437.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014438.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014444.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014448.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1013.html", "published": "2007-11-15T19:31:12", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/014437.html", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-10-12T14:45:11"}, {"id": "CESA-2007:1016", "type": "centos", "title": "samba security update", "description": "**CentOS Errata and Security Advisory** CESA-2007:1016\n\n\nSamba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap-based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nA flaw was found in the way Samba assigned group IDs under certain\r\nconditions. If the \"winbind nss info\" parameter in smb.conf is set to\r\neither \"sfu\" or \"rfc2307\", Samba users are incorrectly assigned the group\r\nID of 0. (CVE-2007-4138)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,\r\nand the Samba developers for responsibly disclosing these issues.\r\n\r\nAll Samba users are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014428.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-November/014442.html\n\n**Affected packages:**\nsamba\nsamba-client\nsamba-common\nsamba-swat\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-1016.html", "published": "2007-11-15T18:56:31", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2007-November/014428.html", "cvelist": ["CVE-2007-4572", "CVE-2007-4138", "CVE-2007-5398"], "lastseen": "2017-10-12T14:46:32"}], "oraclelinux": [{"id": "ELSA-2007-1013", "type": "oraclelinux", "title": "Critical: samba security update ", "description": " [3.0.9-1.3E.14]\n \n - Security fix for CVE-2007-4572 and CVE-2007-5398\n resolves: #350731\n resolves: #359101 ", "published": "2007-11-16T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-1013.html", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2016-09-04T11:16:42"}, {"id": "ELSA-2007-1114", "type": "oraclelinux", "title": "Critical: samba security and bug fix update ", "description": " [3.0.9-1.3E.14.3]\n \n - Security fix for CVE-2007-6015\n - Fix for regression introduced with CVE-2007-4572\n - resolves: #407321\n - resolves: #389021 ", "published": "2007-12-10T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-1114.html", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2016-09-04T11:16:07"}, {"id": "ELSA-2007-1016", "type": "oraclelinux", "title": "Critical: samba security update ", "description": " [3.0.25b-1]\n - samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin\n - samba buffer overflow\n - Samba \"reply_netbios_packet()\" Buffer Overflow Vulnerability ", "published": "2007-12-04T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-1016.html", "cvelist": ["CVE-2007-4572", "CVE-2007-4138", "CVE-2007-5398"], "lastseen": "2016-09-04T11:16:44"}, {"id": "ELSA-2007-1017", "type": "oraclelinux", "title": "Critical: samba security update ", "description": " [3.0.25b-0.el5_1.1]\n - Security fix for CVE-2007-4138\n - Security fix for CVE-2007-4572\n - Security fix for CVE-2007-5398\n - Multilib Fix\n - resolves: #351501\n - resolves: #350761\n - resolves: #359151\n - resolves: #356851\n \n -------------- next part --------------\n An HTML attachment was scrubbed...\n URL: http://oss.oracle.com/pipermail/el-errata/attachments/20071123/ec47524f/attachment.html ", "published": "2007-11-23T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2007-1017.html", "cvelist": ["CVE-2007-4572", "CVE-2007-4138", "CVE-2007-5398"], "lastseen": "2016-09-04T11:16:53"}], "redhat": [{"id": "RHSA-2007:1114", "type": "redhat", "title": "(RHSA-2007:1114) Critical: samba security and bug fix update", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA stack buffer overflow flaw was found in the way Samba authenticates\r\nremote users. A remote unauthenticated user could trigger this flaw to\r\ncause the Samba server to crash, or execute arbitrary code with the\r\npermissions of the Samba server. (CVE-2007-6015)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\r\nresponsibly disclosing this issue.\r\n\r\nThis update also fixes a regression caused by the fix for CVE-2007-4572,\r\nwhich prevented some clients from being able to properly access shares.\r\n\r\nUsers of Samba are advised to upgrade to these updated packages, which\r\ncontain a backported patch to resolve these issues.", "published": "2007-12-10T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1114", "cvelist": ["CVE-2007-4572", "CVE-2007-6015"], "lastseen": "2018-05-11T21:13:46"}, {"id": "RHSA-2007:1013", "type": "redhat", "title": "(RHSA-2007:1013) Critical: samba security update", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap-based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba\r\ndevelopers for responsibly disclosing these issues.\r\n\r\nUsers of Samba are advised to ugprade to these updated packages, which\r\ncontain backported patches to resolve these issues.", "published": "2007-11-15T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1013", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2018-05-11T21:13:33"}, {"id": "RHSA-2007:1017", "type": "redhat", "title": "(RHSA-2007:1017) Critical: samba security update", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nA flaw was found in the way Samba assigned group IDs under certain\r\nconditions. If the \"winbind nss info\" parameter in smb.conf is set to\r\neither \"sfu\" or \"rfc2307\", Samba users are incorrectly assigned the group\r\nID of 0. (CVE-2007-4138)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,\r\nand the Samba developers for responsibly disclosing these issues.\r\n\r\nAll Samba users are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct these issues.", "published": "2007-11-15T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1017", "cvelist": ["CVE-2007-4138", "CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-09-09T07:20:28"}, {"id": "RHSA-2007:1016", "type": "redhat", "title": "(RHSA-2007:1016) Critical: samba security update", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nA heap-based buffer overflow flaw was found in the way Samba authenticates\r\nusers. A remote unauthenticated user could trigger this flaw to cause the\r\nSamba server to crash. Careful analysis of this flaw has determined that\r\narbitrary code execution is not possible, and under most circumstances will\r\nnot result in a crash of the Samba server. (CVE-2007-4572)\r\n\r\nA flaw was found in the way Samba assigned group IDs under certain\r\nconditions. If the \"winbind nss info\" parameter in smb.conf is set to\r\neither \"sfu\" or \"rfc2307\", Samba users are incorrectly assigned the group\r\nID of 0. (CVE-2007-4138)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,\r\nand the Samba developers for responsibly disclosing these issues.\r\n\r\nAll Samba users are advised to upgrade to these updated packages, which\r\ncontain a backported patch to correct these issues.", "published": "2007-11-15T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1016", "cvelist": ["CVE-2007-4138", "CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2017-09-09T07:19:43"}, {"id": "RHSA-2007:1034", "type": "redhat", "title": "(RHSA-2007:1034) Critical: samba security update", "description": "Samba is a suite of programs used by machines to share files, printers, and\r\nother information.\r\n\r\nA buffer overflow flaw was found in the way Samba creates NetBIOS replies.\r\nIf a Samba server is configured to run as a WINS server, a remote\r\nunauthenticated user could cause the Samba server to crash, or execute\r\narbitrary code. (CVE-2007-5398)\r\n\r\nRed Hat would like to thank Alin Rad Pop of Secunia Research for\r\nresponsibly disclosing this issue.\r\n\r\nUsers of Samba should upgrade to these updated packages, which contain a\r\nbackported patch to correct this issue.", "published": "2007-11-15T05:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2007:1034", "cvelist": ["CVE-2007-5398"], "lastseen": "2017-09-09T07:19:17"}], "gentoo": [{"id": "GLSA-200711-29", "type": "gentoo", "title": "Samba: Execution of arbitrary code", "description": "### Background\n\nSamba is a suite of SMB and CIFS client/server programs for UNIX. \n\n### Description\n\nTwo vulnerabilities have been reported in nmbd. Alin Rad Pop (Secunia Research) discovered a boundary checking error in the reply_netbios_packet() function which could lead to a stack-based buffer overflow (CVE-2007-5398). The Samba developers discovered a boundary error when processing GETDC logon requests also leading to a buffer overflow (CVE-2007-4572). \n\n### Impact\n\nTo exploit the first vulnerability, a remote unauthenticated attacker could send specially crafted WINS \"Name Registration\" requests followed by a WINS \"Name Query\" request. This might lead to execution of arbitrary code with elevated privileges. Note that this vulnerability is exploitable only when WINS server support is enabled in Samba. The second vulnerability could be exploited by sending specially crafted \"GETDC\" mailslot requests, but requires Samba to be configured as a Primary or Backup Domain Controller. It is not believed the be exploitable to execute arbitrary code. \n\n### Workaround\n\nTo work around the first vulnerability, disable WINS support in Samba by setting \"_wins support = no_\" in the \"global\" section of your smb.conf and restart Samba. \n\n### Resolution\n\nAll Samba users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-fs/samba-3.0.27a\"\n\nThe first vulnerability (CVE-2007-5398) was already fixed in Samba 3.0.26a-r2.", "published": "2007-11-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200711-29", "cvelist": ["CVE-2007-4572", "CVE-2007-5398"], "lastseen": "2016-09-06T19:46:42"}], "vmware": [{"id": "VMSA-2008-0001", "type": "vmware", "title": "Updated service console patches.", "description": "I Service Console package security updates\n", "published": "2008-01-07T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.vmware.com/security/advisories/VMSA-2008-0001.html", "cvelist": ["CVE-2007-3108", "CVE-2007-5191", "CVE-2007-5360", "CVE-2007-4572", "CVE-2007-5135", "CVE-2007-5116", "CVE-2007-5398"], "lastseen": "2016-09-04T11:19:36"}]}}
