This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Samba. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarAddPrivilegesToAccount, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.

References

us1.samba.org/samba/security/CVE-2007-2446.html

checkpoint_advisories 4

saint 4

packetstorm 4

zdi 4

canvas 2

nessus 20

securityvulns 8

cve 1

debiancve 1

samba 1

prion 1

ubuntucve 1

cert 1

openvas 53

oraclelinux 1

centos 2

redhat 1

debian 6

fedora 2

slackware 1

gentoo 1

ubuntu 1

altlinux 1

freebsd 1

suse 1

osv 1

vmware 1

seebug 1

checkpoint_advisories

Samba NetDFS RPC netdfs_io_dfs_EnumInfo_d Handling Heap Overflow (CVE-2007-2446)

2007-06-17 00:00:00

Samba SPOOLSS smb_io_notify_option_type_data Request Buffer Overflow (CVE-2007-2446)

2010-09-16 00:00:00

Samba LSA RPC lsa_io_trans_names Request Handling Heap Overflow (CVE-2007-2446)

2010-09-16 00:00:00

saint

Samba lsa_io_trans_names buffer overflow

2007-12-24 00:00:00

Samba lsa_io_trans_names buffer overflow

2007-12-24 00:00:00

Samba lsa_io_trans_names buffer overflow

2007-12-24 00:00:00

packetstorm

lsa_transnames_heap-linux.rb.txt

2007-07-26 00:00:00

lsa_transnames_heap-osx.rb.txt

2007-07-26 00:00:00

Samba lsa_io_trans_names Heap Overflow

2009-10-27 00:00:00

zdi

Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability

2007-07-11 00:00:00

Samba sec_io_acl Heap Overflow Vulnerability

2007-07-11 00:00:00

Samba lsa_io_trans_names Heap Overflow Vulnerability

2007-07-11 00:00:00

canvas

Immunity Canvas: ASUS_SAMBA

2007-05-14 17:19:00

Immunity Canvas: SOLARIS_SAMBA

2007-05-14 21:19:00

nessus

Samba NDR MS-RPC Request Heap-Based Remote Buffer Overflow

2007-05-15 00:00:00

SuSE 10 Security Update : Samba (ZYPP Patch Number 3351)

2007-12-13 00:00:00

openSUSE 10 Security Update : samba (samba-3349)

2007-10-17 00:00:00

securityvulns

ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability

2007-05-16 00:00:00

ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability

2007-05-16 00:00:00

ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability

2007-05-16 00:00:00

cve

CVE-2007-2446

2007-05-14 21:19:00

debiancve

CVE-2007-2446

2007-05-14 21:19:00

samba

Multiple Heap Overflows Allow Remote

2007-05-14 00:00:00

prion

Heap overflow

2007-05-14 21:19:00

ubuntucve

CVE-2007-2446

2007-05-14 00:00:00

cert

Samba NDR MS-RPC heap buffer overflow

2007-05-14 00:00:00

openvas

Samba 3.0.0 <= 3.0.25rc3 Remote Code Execution Vulnerability (CVE-2007-2446)

2021-09-24 00:00:00

HP-UX Update for CIFS Server (Samba) HPSBUX02218

2009-05-05 00:00:00

Debian Security Advisory DSA 1291-2 (samba)

2008-01-17 00:00:00

oraclelinux

Critical: samba security update

2007-05-14 00:00:00

centos

samba security update

2007-05-14 23:38:47

samba security update

2007-05-14 17:11:04

redhat

(RHSA-2007:0354) Critical: samba security update

2007-05-14 00:00:00

debian

[SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities

2007-05-17 12:29:25

[SECURITY] [DSA 1291-2] New samba packages fix multiple vulnerabilities

2007-05-17 12:29:25

[SECURITY] [DSA 1291-4] New samba packages fix regression

2007-06-04 19:37:12

fedora

[SECURITY] Fedora Core 6 Update: samba-3.0.24-5.fc6

2007-05-14 17:22:17

[SECURITY] Fedora Core 5 Update: samba-3.0.24-5.fc5

2007-05-14 17:21:19

slackware

[slackware-security] samba

2007-05-15 03:03:31

gentoo

Samba: Multiple vulnerabilities

2007-05-15 00:00:00

ubuntu

Samba vulnerabilities

2007-05-16 00:00:00

altlinux

Security fix for the ALT Linux 5 package samba version 3.0.25-alt1

2007-05-14 00:00:00

freebsd

samba -- multiple vulnerabilities

2007-05-14 00:00:00

suse

remote code execution in samba

2007-05-22 14:13:43

osv

samba

2007-05-15 00:00:00

vmware

Updated versions of all supported hosted products and all ESX 2x products and patches for ESX 30x address critical security updates. Service Console security updates for samba, bind, krb5, vixie-cron, shadow-utils, openldap, pam, gcc, and gdb packages.

2007-09-18 00:00:00

seebug

Mac OS X 2007-007更新修复多个安全漏洞

2007-08-02 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON

Related for ZDI-07-029