Lucene search

[email protected]NVD:CVE-2007-5398

HistoryNov 16, 2007 - 6:46 p.m.

CVE-2007-5398

2007-11-1618:46:00

CWE-119

[email protected]

web.nvd.nist.gov

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.96 High

EPSS

Percentile

99.5%

JSON

Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.

Affected configurations

NVD

Node

sambasambaMatch3.0.0

sambasambaMatch3.0.1

sambasambaMatch3.0.2

sambasambaMatch3.0.2a

sambasambaMatch3.0.3

sambasambaMatch3.0.4

sambasambaMatch3.0.4rc1

sambasambaMatch3.0.5

sambasambaMatch3.0.6

sambasambaMatch3.0.7

sambasambaMatch3.0.8

sambasambaMatch3.0.9

sambasambaMatch3.0.10

sambasambaMatch3.0.11

sambasambaMatch3.0.12

sambasambaMatch3.0.13

sambasambaMatch3.0.14

sambasambaMatch3.0.14a

sambasambaMatch3.0.15

sambasambaMatch3.0.16

sambasambaMatch3.0.17

sambasambaMatch3.0.18

sambasambaMatch3.0.19

sambasambaMatch3.0.20

sambasambaMatch3.0.20a

sambasambaMatch3.0.20b

sambasambaMatch3.0.21

sambasambaMatch3.0.21a

sambasambaMatch3.0.21b

sambasambaMatch3.0.21c

sambasambaMatch3.0.22

sambasambaMatch3.0.23

sambasambaMatch3.0.23a

sambasambaMatch3.0.23b

sambasambaMatch3.0.23c

sambasambaMatch3.0.23d

sambasambaMatch3.0.24

sambasambaMatch3.0.25

sambasambaMatch3.0.25pre1

sambasambaMatch3.0.25pre2

sambasambaMatch3.0.25rc1

sambasambaMatch3.0.25rc2

sambasambaMatch3.0.25rc3

sambasambaMatch3.0.25a

sambasambaMatch3.0.25b

sambasambaMatch3.0.25c

sambasambaMatch3.0.26

sambasambaMatch3.0.26a

References

docs.info.apple.com/article.html?artnum=307179

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

lists.vmware.com/pipermail/security-announce/2008/000002.html

marc.info/?l=bugtraq&m=120524782005154&w=2

secunia.com/advisories/27450

secunia.com/advisories/27679

secunia.com/advisories/27682

secunia.com/advisories/27691

secunia.com/advisories/27701

secunia.com/advisories/27720

secunia.com/advisories/27731

secunia.com/advisories/27742

secunia.com/advisories/27787

secunia.com/advisories/27927

secunia.com/advisories/28136

secunia.com/advisories/28368

secunia.com/advisories/29341

secunia.com/advisories/30484

secunia.com/advisories/30835

secunia.com/secunia_research/2007-90/advisory/

securityreason.com/securityalert/3372

securitytracker.com/id?1018953

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739

sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1

us1.samba.org/samba/security/CVE-2007-5398.html

www.debian.org/security/2007/dsa-1409

www.gentoo.org/security/en/glsa/glsa-200711-29.xml

www.mandriva.com/security/advisories?name=MDKSA-2007:224

www.novell.com/linux/security/advisories/2007_65_samba.html

www.redhat.com/support/errata/RHSA-2007-1013.html

www.redhat.com/support/errata/RHSA-2007-1016.html

www.redhat.com/support/errata/RHSA-2007-1017.html

www.securityfocus.com/archive/1/483744/100/0/threaded

www.securityfocus.com/archive/1/485936/100/0/threaded

www.securityfocus.com/archive/1/486859/100/0/threaded

www.securityfocus.com/bid/26455

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vmware.com/security/advisories/VMSA-2008-0001.html

www.vupen.com/english/advisories/2007/3869

www.vupen.com/english/advisories/2007/4238

www.vupen.com/english/advisories/2008/0064

www.vupen.com/english/advisories/2008/0859/references

www.vupen.com/english/advisories/2008/1712/references

www.vupen.com/english/advisories/2008/1908

www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

exchange.xforce.ibmcloud.com/vulnerabilities/38502

issues.rpath.com/browse/RPL-1894

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10230

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5811

usn.ubuntu.com/544-1/

www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.96 High

EPSS

Percentile

99.5%

JSON

Related for NVD:CVE-2007-5398