Vulnerability Name:
CVE-2007-0453 (CCN-32231)
Assigned:
2007-02-05
Published:
2007-02-05
Updated:
2018-10-16
Summary:
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
4.6 Medium
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
)
3.4 Low
(Temporal CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
5.5 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Access
References:
Source: CCN
Type: BugTraq Mailing List, Mon Feb 05 2007 - 07:24:30 CST
[SAMBA-SECURITY] CVE-2007-0453: Buffer overrun in nss_winbind.so.1 on Solaris
Source: MITRE
Type: CNA
CVE-2007-0453
Source: OSVDB
Type: UNKNOWN
33098
Source: CCN
Type: SA24043
Samba Winbind Library Buffer Overflow Vulnerabilities
Source: SECUNIA
Type: UNKNOWN
24043
Source: SECUNIA
Type: UNKNOWN
24101
Source: SECUNIA
Type: UNKNOWN
24151
Source: CCN
Type: SECTRACK ID: 1017589
Samba Solaris winbindd Daemon Name Resolution Query Buffer Overflows May Let Remtoe Users Execute Arbitrary Code
Source: SECTRACK
Type: UNKNOWN
1017589
Source: SLACKWARE
Type: UNKNOWN
SSA:2007-038-01
Source: CCN
Type: Samba Web site
Samba - opening windows to a wider world
Source: CONFIRM
Type: UNKNOWN
http://us1.samba.org/samba/security/CVE-2007-0453.html
Source: CCN
Type: OpenPKG-SA-2007.012
Samba
Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2007.012
Source: CCN
Type: OSVDB ID: 33098
Samba nss_winbind.so.1 Multiple Function Overflow
Source: BUGTRAQ
Type: UNKNOWN
20070205 [SAMBA-SECURITY] CVE-2007-0453: Buffer overrun in nss_winbind.so.1 on Solaris
Source: BUGTRAQ
Type: UNKNOWN
20070207 rPSA-2007-0026-1 samba samba-swat
Source: BID
Type: UNKNOWN
22410
Source: CCN
Type: BID-22410
Samba NSS host lookup Winbind Multiple Remote Buffer Overflow Vulnerabilities
Source: TRUSTIX
Type: UNKNOWN
2007-0007
Source: VUPEN
Type: UNKNOWN
ADV-2007-0483
Source: XF
Type: UNKNOWN
samba-winbind-bo(32231)
Source: XF
Type: UNKNOWN
samba-winbind-bo(32231)
Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1005
Source: SUSE
Type: SUSE-SA:2007:016
samba remote denial of service
Vulnerable Configuration:
Configuration 1
:
cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23a:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23b:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23c:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23a:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23b:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23c:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
OR
cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
AND
cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
OR
cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
OR
cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
OR
cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
OR
cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
OR
cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
samba
samba 3.0.21
samba
samba 3.0.21a
samba
samba 3.0.21b
samba
samba 3.0.21c
samba
samba 3.0.22
samba
samba 3.0.23
samba
samba 3.0.23a
samba
samba 3.0.23b
samba
samba 3.0.23c
samba
samba 3.0.23d
samba
samba 3.0.21
samba
samba 3.0.22
samba
samba 3.0.23
samba
samba 3.0.23a
samba
samba 3.0.23b
samba
samba 3.0.23c
samba
samba 3.0.23d
samba
samba 3.0.21a
samba
samba 3.0.21b
samba
samba 3.0.21c
openpkg
openpkg current
novell
linux desktop 9
novell
open enterprise server *
suse
suse linux 10.0
suse
suse linux 10.1
novell
open enterprise server *
novell
opensuse 10.2
suse
suse linux 9.3
Denotes that component is vulnerable