Vulnerability Name:

CVE-2007-0454 (CCN-32304)

Assigned:2007-02-05
Published:2007-02-05
Updated:2018-10-16
Summary:Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
CVSS v3 Severity:8.0 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.1 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-134
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Mon Feb 05 2007 - 07:26:06 CST
[SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin

Source: MITRE
Type: CNA
CVE-2007-0454

Source: OSVDB
Type: UNKNOWN
33101

Source: SECUNIA
Type: Vendor Advisory
24021

Source: CCN
Type: SA24046
Samba Denial of Service and Format String Vulnerability

Source: SECUNIA
Type: Vendor Advisory
24046

Source: SECUNIA
Type: Vendor Advisory
24060

Source: SECUNIA
Type: Vendor Advisory
24067

Source: SECUNIA
Type: Vendor Advisory
24101

Source: SECUNIA
Type: Vendor Advisory
24145

Source: SECUNIA
Type: Vendor Advisory
24151

Source: CCN
Type: SECTRACK ID: 1017588
Samba Format String Bug in `afsacl.so` VFS Plugin May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017588

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-038-01

Source: CCN
Type: Samba Web site
Samba - opening windows to a wider world

Source: CONFIRM
Type: UNKNOWN
http://us1.samba.org/samba/security/CVE-2007-0454.html

Source: DEBIAN
Type: UNKNOWN
DSA-1257

Source: DEBIAN
Type: DSA-1257
samba -- several vulnerabilities

Source: CCN
Type: GLSA-200702-01
Samba: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200702-01

Source: CCN
Type: US-CERT VU#649732
Samba AFS ACL mapping VFS plug-in format string vulnerability

Source: CERT-VN
Type: US Government Resource
VU#649732

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:034

Source: CCN
Type: OpenPKG-SA-2007.012
Samba

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2007.012

Source: CCN
Type: OSVDB ID: 33101
Samba VFS Plugin afsacl.so Format String

Source: BUGTRAQ
Type: UNKNOWN
20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin

Source: BUGTRAQ
Type: UNKNOWN
20070207 rPSA-2007-0026-1 samba samba-swat

Source: BID
Type: Patch
22403

Source: CCN
Type: BID-22403
Samba Server VFS Plugin AFSACL.SO Remote Format String Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2007-0007

Source: CCN
Type: TLSA-2007-18
Samba denial of service attack

Source: CCN
Type: USN-419-1
Samba vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-419-1

Source: VUPEN
Type: Vendor Advisory
ADV-2007-0483

Source: XF
Type: UNKNOWN
samba-afsacl-format-string(32304)

Source: XF
Type: UNKNOWN
samba-afsacl-format-string(32304)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1005

Source: SUSE
Type: SUSE-SA:2007:016
samba remote denial of service

Vulnerable Configuration:Configuration 1:
  • cpe:/a:samba:samba:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:samba:samba:3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.7:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.9:*:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:1257
    V
    several vulnerabilities
    2007-02-05
    BACK
    samba samba 3.0.6
    samba samba 3.0.7
    samba samba 3.0.8
    samba samba 3.0.9
    samba samba 3.0.10
    samba samba 3.0.11
    samba samba 3.0.12
    samba samba 3.0.13
    samba samba 3.0.14
    samba samba 3.0.14a
    samba samba 3.0.20
    samba samba 3.0.20a
    samba samba 3.0.20b
    samba samba 3.0.21
    samba samba 3.0.21a
    samba samba 3.0.21b
    samba samba 3.0.21c
    samba samba 3.0.22
    samba samba 3.0.23d
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.0
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    debian debian linux 3.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linuxsoft 2007 *
    mandrakesoft mandrake linuxsoft 2007 *
    samba samba 3.0.6
    samba samba 3.0.7
    debian debian linux 3.1
    samba samba 3.0.10
    samba samba 3.0.11
    samba samba 3.0.12
    samba samba 3.0.14a
    samba samba 3.0.20
    samba samba 3.0.20a
    samba samba 3.0.20b
    samba samba 3.0.21
    samba samba 3.0.22
    samba samba 3.0.23
    samba samba 3.0.23a
    samba samba 3.0.23b
    samba samba 3.0.23c
    samba samba 3.0.23d
    samba samba 3.0.21a
    samba samba 3.0.21b
    samba samba 3.0.21c
    samba samba 3.0.13
    samba samba 3.0.8
    samba samba 3.0.9
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    novell linux desktop 9
    novell open enterprise server *
    suse suse linux 10.0
    mandrakesoft mandrake linux 2006
    canonical ubuntu 6.06
    suse suse linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    novell open enterprise server *
    novell opensuse 10.2
    suse suse linux 9.3