CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Samba is vulnerable to arbitrary code execution. A heap-based buffer overflow flaw was found in the way Samba authenticates users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash. Careful analysis of this flaw has determined that arbitrary code execution is not possible, and under most circumstances will not result in a crash of the Samba server.
docs.info.apple.com/article.html?artnum=307179
lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
lists.vmware.com/pipermail/security-announce/2008/000002.html
marc.info/?l=bugtraq&m=120524782005154&w=2
secunia.com/advisories/27450
secunia.com/advisories/27679
secunia.com/advisories/27682
secunia.com/advisories/27691
secunia.com/advisories/27701
secunia.com/advisories/27720
secunia.com/advisories/27731
secunia.com/advisories/27787
secunia.com/advisories/27927
secunia.com/advisories/28136
secunia.com/advisories/28368
secunia.com/advisories/29341
secunia.com/advisories/30484
secunia.com/advisories/30736
secunia.com/advisories/30835
securitytracker.com/id?1018954
slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739
sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1
us1.samba.org/samba/security/CVE-2007-4572.html
www.debian.org/security/2007/dsa-1409
www.gentoo.org/security/en/glsa/glsa-200711-29.xml
www.mandriva.com/security/advisories?name=MDKSA-2007:224
www.novell.com/linux/security/advisories/2007_65_samba.html
www.redhat.com/security/updates/classification/#critical
www.redhat.com/support/errata/RHSA-2007-1013.html
www.redhat.com/support/errata/RHSA-2007-1016.html
www.redhat.com/support/errata/RHSA-2007-1017.html
www.securityfocus.com/archive/1/485936/100/0/threaded
www.securityfocus.com/archive/1/486859/100/0/threaded
www.securityfocus.com/bid/26454
www.ubuntu.com/usn/usn-544-2
www.ubuntu.com/usn/usn-617-1
www.us-cert.gov/cas/techalerts/TA07-352A.html
www.vmware.com/security/advisories/VMSA-2008-0001.html
www.vupen.com/english/advisories/2007/3869
www.vupen.com/english/advisories/2007/4238
www.vupen.com/english/advisories/2008/0064
www.vupen.com/english/advisories/2008/0859/references
www.vupen.com/english/advisories/2008/1712/references
www.vupen.com/english/advisories/2008/1908
www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
access.redhat.com/errata/RHSA-2007:1016
exchange.xforce.ibmcloud.com/vulnerabilities/38501
issues.rpath.com/browse/RPL-1894
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11132
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5643
usn.ubuntu.com/544-1/
www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html