Oval Definition:oval:org.mitre.oval:def:11415
Revision Date:2013-04-29Version:12
Title:Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Description:Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2007-2446
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • samba-common is earlier than 0:3.0.9-1.3E.13.2
  • OR samba-swat is earlier than 0:3.0.9-1.3E.13.2
  • OR samba-client is earlier than 0:3.0.9-1.3E.13.2
  • OR samba is earlier than 0:3.0.9-1.3E.13.2
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • samba-common is earlier than 0:3.0.10-1.4E.12.2
  • OR samba-swat is earlier than 0:3.0.10-1.4E.12.2
  • OR samba-client is earlier than 0:3.0.10-1.4E.12.2
  • OR samba is earlier than 0:3.0.10-1.4E.12.2
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • samba-common is earlier than 0:3.0.23c-2.el5.2.0.2
  • OR samba-swat is earlier than 0:3.0.23c-2.el5.2.0.2
  • OR samba-client is earlier than 0:3.0.23c-2.el5.2.0.2
  • OR samba is earlier than 0:3.0.23c-2.el5.2.0.2
    • BACK