Vulnerability Name:

CVE-2007-2446 (CCN-34309)

Assigned: 2007-05-14
Published: 2007-05-14
Updated: 2018-10-16
Summary: Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV):
Access Complexity (AC):
Authentication (Au):
Impact Metrics: Confidentiality (C):
Integrity (I):
Availability (A):
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV):
Access Complexity (AC):
Authentication (Au):
Impact Metrics: Confidentiality (C):
Integrity (I):
Availability (A):
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References: Source: CCN
Type: BugTraq Mailing List, Sun May 13 2007 - 17:48:56 CDT
[SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

Source: CCN
Type: BugTraq Mailing List, Tue Jul 10 2007 - 07:53:45 CDT
[security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

Source: CCN
Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: MITRE
Type: CNA
CVE-2007-2446

Source: CCN
Type: Apple Security Update 2007-007
About Security Update 2007-007

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=306172

Source: CCN
Type: Apple Web site
Apple security updates

Source: CCN
Type: HP Security Bulletin HPSBUX02218 SSRT071424
HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution

Source: HP
Type: UNKNOWN
HPSBUX02218

Source: CCN
Type: HP Security Bulletin HPSBTU02218 SSRT071424
HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

Source: HP
Type: UNKNOWN
HPSBTU02218

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-07-31

Source: FULLDISC
Type: UNKNOWN
20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:031

Source: CCN
Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Source: OSVDB
Type: UNKNOWN
34699

Source: OSVDB
Type: UNKNOWN
34731

Source: OSVDB
Type: UNKNOWN
34733

Source: CCN
Type: RHSA-2007-0354
Critical: samba security update

Source: CCN
Type: SA25232
Samba Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
25232

Source: SECUNIA
Type: Vendor Advisory
25241

Source: SECUNIA
Type: Vendor Advisory
25246

Source: SECUNIA
Type: Vendor Advisory
25251

Source: SECUNIA
Type: Vendor Advisory
25255

Source: SECUNIA
Type: Vendor Advisory
25256

Source: SECUNIA
Type: Vendor Advisory
25257

Source: SECUNIA
Type: Vendor Advisory
25259

Source: SECUNIA
Type: Vendor Advisory
25270

Source: SECUNIA
Type: UNKNOWN
25289

Source: SECUNIA
Type: UNKNOWN
25391

Source: SECUNIA
Type: UNKNOWN
25567

Source: CCN
Type: SA25675
Sun Solaris Multiple Samba Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25675

Source: CCN
Type: SA25772
HP Internet Express for Tru64 UNIX Samba Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25772

Source: CCN
Type: SA26235
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
26235

Source: CCN
Type: SA26909
VMware ESX Server Multiple Security Updates

Source: SECUNIA
Type: UNKNOWN
26909

Source: SECUNIA
Type: UNKNOWN
27706

Source: CCN
Type: SA28292
Xerox ESS/Network Controller Samba Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
28292

Source: GENTOO
Type: UNKNOWN
GLSA-200705-15

Source: SREASON
Type: UNKNOWN
2702

Source: CCN
Type: SECTRACK ID: 1018050
Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2007-134-01

Source: CCN
Type: Sun Alert ID: 102964
Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, or Remote Shell Command Execution

Source: SUNALERT
Type: UNKNOWN
102964

Source: SUNALERT
Type: UNKNOWN
200588

Source: CCN
Type: ASA-2007-207
samba security update (RHSA-2007-0354)

Source: CCN
Type: ASA-2007-219
HP-UX running CIFS Server (Samba) Remote Arbitrary Code Execution (HPSBUX02218)

Source: CCN
Type: ASA-2007-272
Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution Elevation of Privileges or Remote Shell Command Execution (Sun 102964)

Source: DEBIAN
Type: UNKNOWN
DSA-1291

Source: DEBIAN
Type: DSA-1291
samba -- several vulnerabilities

Source: CCN
Type: GLSA-200705-15
Samba: Multiple vulnerabilities

Source: CCN
Type: US-CERT VU#773720
Samba NDR MS-RPC heap buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#773720

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:104

Source: CCN
Type: OpenPKG-SA-2007.012
Samba

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2007.012

Source: OSVDB
Type: UNKNOWN
34732

Source: CCN
Type: OSVDB ID: 34699
Samba LSA RPC Interface Multiple Function Remote Overflow

Source: CCN
Type: OSVDB ID: 34731
Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow

Source: CCN
Type: OSVDB ID: 34732
Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow

Source: CCN
Type: OSVDB ID: 34733
Samba DFS RPC Interface DFSEnum Request Remote Overflow

Source: REDHAT
Type: Vendor Advisory
RHSA-2007:0354

Source: CCN
Type: Samba Security Web site
Samba - Security Updates and Information

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.samba.org/samba/security/CVE-2007-2446.html

Source: BUGTRAQ
Type: UNKNOWN
20070513 [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

Source: BUGTRAQ
Type: UNKNOWN
20070515 FLEA-2007-0017-1: samba

Source: BUGTRAQ
Type: UNKNOWN
20070515 ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070515 ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070515 ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070515 ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20070515 ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability

Source: BID
Type: UNKNOWN
23973

Source: CCN
Type: BID-23973
Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
24195

Source: CCN
Type: BID-24195
Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
24196

Source: CCN
Type: BID-24196
Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
24197

Source: CCN
Type: BID-24197
Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
24198

Source: CCN
Type: BID-24198
Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
25159

Source: CCN
Type: BID-25159
Apple Mac OS X 2007-007 Multiple Security Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1018050

Source: TRUSTIX
Type: UNKNOWN
2007-0017

Source: CCN
Type: TLSA-2007-35
Two vulnerabilities discovered in samba

Source: CCN
Type: USN-460-1
Samba vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-460-1

Source: CCN
Type: VMware, Inc. Web site
Download Patch ESX-1001213 for VMware ESX Server 3.0.1

Source: VUPEN
Type: UNKNOWN
ADV-2007-1805

Source: VUPEN
Type: UNKNOWN
ADV-2007-2079

Source: VUPEN
Type: UNKNOWN
ADV-2007-2210

Source: VUPEN
Type: UNKNOWN
ADV-2007-2281

Source: VUPEN
Type: UNKNOWN
ADV-2007-2732

Source: VUPEN
Type: UNKNOWN
ADV-2007-3229

Source: VUPEN
Type: UNKNOWN
ADV-2008-0050

Source: CCN
Type: XEROX Web site
XEROX SECURITY BULLETIN XRX08-001

Source: CONFIRM
Type: UNKNOWN
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html

Source: XF
Type: UNKNOWN
samba-lsaioprivilegeset-bo(34309)

Source: XF
Type: UNKNOWN
samba-netdfsiodfsenuminfod-bo(34311)

Source: XF
Type: UNKNOWN
samba-smbionotifyoptiontypedata-bo(34312)

Source: XF
Type: UNKNOWN
samba-secioacl-bo(34314)

Source: XF
Type: UNKNOWN
samba-lsaiotransnames-bo(34316)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1366

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11415

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
Samba lsa_io_privilege_set Heap Overflow

Source: SUSE
Type: SUSE-SA:2007:031
Samba Security Problems

Source: SUSE
Type: SUSE-SR:2007:011
SUSE Security Summary Report

Source: CCN
Type: ZDI-07-029
Samba lsa_io_privilege_set Heap Overflow Vulnerability

Vulnerable Configuration: Configuration 1:
  • cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc3:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7655:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7665:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14:-:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:-:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:-:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:-:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8:*:*:*:server:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10:*:*:*:desktop:*:*:*
  • OR cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10:*:*:*:server:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:232:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:238:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:245:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:255:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:265:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:275:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:232:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:238:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:245:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:255:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:265:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:275:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.10:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:es:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-2446 (CCN-34311)

    Assigned: 2007-05-14
    Published: 2007-05-14
    Updated: 2018-10-16
    Summary: Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
    CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics: Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics: Access Vector (AV):
    Access Complexity (AC):
    Authentication (Au):
    Impact Metrics: Confidentiality (C):
    Integrity (I):
    Availability (A):
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics: Access Vector (AV):
    Access Complexity (AC):
    Authentication (Au):
    Impact Metrics: Confidentiality (C):
    Integrity (I):
    Availability (A):
    Vulnerability Type: CWE-119
    Vulnerability Consequences: Gain Access
    References: Source: CCN
    Type: BugTraq Mailing List, Sun May 13 2007 - 17:48:56 CDT
    [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

    Source: CCN
    Type: BugTraq Mailing List, Tue Jul 10 2007 - 07:53:45 CDT
    [security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: MITRE
    Type: CNA
    CVE-2007-2446

    Source: CCN
    Type: Apple Security Update 2007-007
    About Security Update 2007-007

    Source: CCN
    Type: Apple Web site
    Apple security updates

    Source: CCN
    Type: HP Security Bulletin HPSBUX02218 SSRT071424
    HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution

    Source: CCN
    Type: HP Security Bulletin HPSBTU02218 SSRT071424
    HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: CCN
    Type: RHSA-2007-0354
    Critical: samba security update

    Source: CCN
    Type: SA25232
    Samba Multiple Vulnerabilities

    Source: CCN
    Type: SA25675
    Sun Solaris Multiple Samba Vulnerabilities

    Source: CCN
    Type: SA25772
    HP Internet Express for Tru64 UNIX Samba Vulnerabilities

    Source: CCN
    Type: SA26235
    Mac OS X Security Update Fixes Multiple Vulnerabilities

    Source: CCN
    Type: SA26909
    VMware ESX Server Multiple Security Updates

    Source: CCN
    Type: SA28292
    Xerox ESS/Network Controller Samba Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1018050
    Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Sun Alert ID: 102964
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, or Remote Shell Command Execution

    Source: CCN
    Type: ASA-2007-207
    samba security update (RHSA-2007-0354)

    Source: CCN
    Type: ASA-2007-219
    HP-UX running CIFS Server (Samba) Remote Arbitrary Code Execution (HPSBUX02218)

    Source: CCN
    Type: ASA-2007-272
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution Elevation of Privileges or Remote Shell Command Execution (Sun 102964)

    Source: DEBIAN
    Type: DSA-1291
    samba -- several vulnerabilities

    Source: CCN
    Type: GLSA-200705-15
    Samba: Multiple vulnerabilities

    Source: CCN
    Type: US-CERT VU#773720
    Samba NDR MS-RPC heap buffer overflow

    Source: CCN
    Type: OpenPKG-SA-2007.012
    Samba

    Source: CCN
    Type: OSVDB ID: 34699
    Samba LSA RPC Interface Multiple Function Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34731
    Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34732
    Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34733
    Samba DFS RPC Interface DFSEnum Request Remote Overflow

    Source: CCN
    Type: Samba Web site
    Samba - Security Updates and Information

    Source: CCN
    Type: BID-23973
    Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24195
    Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24196
    Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24197
    Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24198
    Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-25159
    Apple Mac OS X 2007-007 Multiple Security Vulnerabilities

    Source: CCN
    Type: TLSA-2007-35
    Two vulnerabilities discovered in samba

    Source: CCN
    Type: USN-460-1
    Samba vulnerabilities

    Source: CCN
    Type: VMware, Inc. Web site
    Download Patch ESX-1001213 for VMware ESX Server 3.0.1

    Source: CCN
    Type: XEROX Web site
    XEROX SECURITY BULLETIN XRX08-001

    Source: XF
    Type: UNKNOWN
    samba-netdfsiodfsenuminfod-bo(34311)

    Source: SUSE
    Type: SUSE-SA:2007:031
    Samba Security Problems

    Source: SUSE
    Type: SUSE-SR:2007:011
    SUSE Security Summary Report

    Source: CCN
    Type: ZDI-07-030
    Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability

    Vulnerable Configuration: Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-2446 (CCN-34312)

    Assigned: 2007-05-14
    Published: 2007-05-14
    Updated: 2007-05-15
    Summary: Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
    CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics: Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope: Scope (S): Unchanged
    Impact Metrics: Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics: Access Vector (AV):
    Access Complexity (AC):
    Authentication (Au):
    Impact Metrics: Confidentiality (C):
    Integrity (I):
    Availability (A):
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics: Access Vector (AV):
    Access Complexity (AC):
    Authentication (Au):
    Impact Metrics: Confidentiality (C):
    Integrity (I):
    Availability (A):
    Vulnerability Consequences: Gain Access
    References: Source: CCN
    Type: BugTraq Mailing List, Sun May 13 2007 - 17:48:56 CDT
    [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

    Source: CCN
    Type: BugTraq Mailing List, Tue Jul 10 2007 - 07:53:45 CDT
    [security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: MITRE
    Type: CNA
    CVE-2007-2446

    Source: CCN
    Type: Apple Security Update 2007-007
    About Security Update 2007-007

    Source: CCN
    Type: Apple Web site
    Apple security updates

    Source: CCN
    Type: HP Security Bulletin HPSBUX02218 SSRT071424
    HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution

    Source: CCN
    Type: HP Security Bulletin HPSBTU02218 SSRT071424
    HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: CCN
    Type: RHSA-2007-0354
    Critical: samba security update

    Source: CCN
    Type: SA25232
    Samba Multiple Vulnerabilities

    Source: CCN
    Type: SA25675
    Sun Solaris Multiple Samba Vulnerabilities

    Source: CCN
    Type: SA25772
    HP Internet Express for Tru64 UNIX Samba Vulnerabilities

    Source: CCN
    Type: SA26235
    Mac OS X Security Update Fixes Multiple Vulnerabilities

    Source: CCN
    Type: SA26909
    VMware ESX Server Multiple Security Updates

    Source: CCN
    Type: SA28292
    Xerox ESS/Network Controller Samba Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1018050
    Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Sun Alert ID: 102964
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, or Remote Shell Command Execution

    Source: CCN
    Type: ASA-2007-207
    samba security update (RHSA-2007-0354)

    Source: CCN
    Type: ASA-2007-219
    HP-UX running CIFS Server (Samba) Remote Arbitrary Code Execution (HPSBUX02218)

    Source: CCN
    Type: ASA-2007-272
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution Elevation of Privileges or Remote Shell Command Execution (Sun 102964)

    Source: DEBIAN
    Type: DSA-1291
    samba -- several vulnerabilities

    Source: CCN
    Type: GLSA-200705-15
    Samba: Multiple vulnerabilities

    Source: CCN
    Type: US-CERT VU#773720
    Samba NDR MS-RPC heap buffer overflow

    Source: CCN
    Type: OpenPKG-SA-2007.012
    Samba

    Source: CCN
    Type: OSVDB ID: 34699
    Samba LSA RPC Interface Multiple Function Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34731
    Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34732
    Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34733
    Samba DFS RPC Interface DFSEnum Request Remote Overflow

    Source: CCN
    Type: Samba Security Web site
    Samba - Security Updates and Information

    Source: CCN
    Type: BID-23973
    Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24195
    Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24196
    Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24197
    Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24198
    Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-25159
    Apple Mac OS X 2007-007 Multiple Security Vulnerabilities

    Source: CCN
    Type: TLSA-2007-35
    Two vulnerabilities discovered in samba

    Source: CCN
    Type: USN-460-1
    Samba vulnerabilities

    Source: CCN
    Type: VMware, Inc. Web site
    Download Patch ESX-1001213 for VMware ESX Server 3.0.1

    Source: CCN
    Type: XEROX Web site
    XEROX SECURITY BULLETIN XRX08-001

    Source: XF
    Type: UNKNOWN
    samba-smbionotifyoptiontypedata-bo(34312)

    Source: SUSE
    Type: SUSE-SA:2007:031
    Samba Security Problems

    Source: SUSE
    Type: SUSE-SR:2007:011
    SUSE Security Summary Report

    Source: CCN
    Type: ZDI-07-031
    Samba smb_io_notify_option_type_data Heap Overflow Vulnerability

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7655:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7665:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:232:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:238:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:245:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:255:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:265:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:275:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:232:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:238:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:245:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:255:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:265:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:275:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:retail_solution:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:es:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-2446 (CCN-34314)

    Assigned:2007-05-14
    Published:2007-05-14
    Updated:2007-05-15
    Summary:Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: BugTraq Mailing List, Sun May 13 2007 - 17:48:56 CDT
    [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

    Source: CCN
    Type: BugTraq Mailing List, Tue Jul 10 2007 - 07:53:45 CDT
    [security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: MITRE
    Type: CNA
    CVE-2007-2446

    Source: CCN
    Type: Apple Security Update 2007-007
    About Security Update 2007-007

    Source: CCN
    Type: Apple Web site
    Apple security updates

    Source: CCN
    Type: HP Security Bulletin HPSBUX02218 SSRT071424
    HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution

    Source: CCN
    Type: HP Security Bulletin HPSBTU02218 SSRT071424
    HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: CCN
    Type: RHSA-2007-0354
    Critical: samba security update

    Source: CCN
    Type: SA25232
    Samba Multiple Vulnerabilities

    Source: CCN
    Type: SA25675
    Sun Solaris Multiple Samba Vulnerabilities

    Source: CCN
    Type: SA25772
    HP Internet Express for Tru64 UNIX Samba Vulnerabilities

    Source: CCN
    Type: SA26235
    Mac OS X Security Update Fixes Multiple Vulnerabilities

    Source: CCN
    Type: SA26909
    VMware ESX Server Multiple Security Updates

    Source: CCN
    Type: SA28292
    Xerox ESS/Network Controller Samba Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1018050
    Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Sun Alert ID: 102964
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, or Remote Shell Command Execution

    Source: CCN
    Type: ASA-2007-207
    samba security update (RHSA-2007-0354)

    Source: CCN
    Type: ASA-2007-219
    HP-UX running CIFS Server (Samba) Remote Arbitrary Code Execution (HPSBUX02218)

    Source: CCN
    Type: ASA-2007-272
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution Elevation of Privileges or Remote Shell Command Execution (Sun 102964)

    Source: DEBIAN
    Type: DSA-1291
    samba -- several vulnerabilities

    Source: CCN
    Type: GLSA-200705-15
    Samba: Multiple vulnerabilities

    Source: CCN
    Type: US-CERT VU#773720
    Samba NDR MS-RPC heap buffer overflow

    Source: CCN
    Type: OpenPKG-SA-2007.012
    Samba

    Source: CCN
    Type: OSVDB ID: 34699
    Samba LSA RPC Interface Multiple Function Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34731
    Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34732
    Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34733
    Samba DFS RPC Interface DFSEnum Request Remote Overflow

    Source: CCN
    Type: Samba Security Web site
    Samba - Security Updates and Information

    Source: CCN
    Type: BID-23973
    Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24195
    Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24196
    Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24197
    Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24198
    Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-25159
    Apple Mac OS X 2007-007 Multiple Security Vulnerabilities

    Source: CCN
    Type: TLSA-2007-35
    Two vulnerabilities discovered in samba

    Source: CCN
    Type: USN-460-1
    Samba vulnerabilities

    Source: CCN
    Type: VMware, Inc. Web site
    Download Patch ESX-1001213 for VMware ESX Server 3.0.1

    Source: CCN
    Type: XEROX Web site
    XEROX SECURITY BULLETIN XRX08-001

    Source: XF
    Type: UNKNOWN
    samba-secioacl-bo(34314)

    Source: SUSE
    Type: SUSE-SA:2007:031
    Samba Security Problems

    Source: SUSE
    Type: SUSE-SR:2007:011
    SUSE Security Summary Report

    Source: CCN
    Type: ZDI-07-032
    Samba sec_io_acl Heap Overflow Vulnerability

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7655:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7665:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23d:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21c:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10:*:x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:232:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:238:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:245:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:255:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:265:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:275:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:232:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:238:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:245:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:255:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:265:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:275:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:retail_solution:*:*:*:*:*
  • OR cpe:/o:vmware:esx:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:novell_linux_pos:9:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:hosting:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux_appliance:1.0:*:workgroup:*:server:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.10:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z:*:es:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esx:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9:*:sparc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-2446 (CCN-34316)

    Assigned:2007-05-14
    Published:2007-05-14
    Updated:2007-05-15
    Summary:Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: BugTraq Mailing List, Sun May 13 2007 - 17:48:56 CDT
    [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution

    Source: CCN
    Type: BugTraq Mailing List, Tue Jul 10 2007 - 07:53:45 CDT
    [security bulletin] HPSBTU02233 SSRT071424 rev.1 - HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: Full-Disclosure Mailing List, Wed Sep 19 2007 - 21:15:23 CDT
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: MITRE
    Type: CNA
    CVE-2007-2446

    Source: CCN
    Type: Apple Security Update 2007-007
    About Security Update 2007-007

    Source: CCN
    Type: Apple Web site
    Apple security updates

    Source: CCN
    Type: HP Security Bulletin HPSBUX02218 SSRT071424
    HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution

    Source: CCN
    Type: HP Security Bulletin HPSBTU02218 SSRT071424
    HP Tru64 UNIX Internet Express running Samba, Remote Arbitrary Code Execution or Local Unauthorized Privilege Elevation

    Source: CCN
    Type: VMware Security-announce Mailing list, Wed Sep 19 19:15:23 PDT 2007
    VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

    Source: CCN
    Type: RHSA-2007-0354
    Critical: samba security update

    Source: CCN
    Type: SA25232
    Samba Multiple Vulnerabilities

    Source: CCN
    Type: SA25675
    Sun Solaris Multiple Samba Vulnerabilities

    Source: CCN
    Type: SA25772
    HP Internet Express for Tru64 UNIX Samba Vulnerabilities

    Source: CCN
    Type: SA26235
    Mac OS X Security Update Fixes Multiple Vulnerabilities

    Source: CCN
    Type: SA26909
    VMware ESX Server Multiple Security Updates

    Source: CCN
    Type: SA28292
    Xerox ESS/Network Controller Samba Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1018050
    Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Sun Alert ID: 102964
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution, Elevation of Privileges, or Remote Shell Command Execution

    Source: CCN
    Type: ASA-2007-207
    samba security update (RHSA-2007-0354)

    Source: CCN
    Type: ASA-2007-219
    HP-UX running CIFS Server (Samba) Remote Arbitrary Code Execution (HPSBUX02218)

    Source: CCN
    Type: ASA-2007-272
    Multiple Security Vulnerabilities in samba(7) May Allow Remote Code Execution Elevation of Privileges or Remote Shell Command Execution (Sun 102964)

    Source: DEBIAN
    Type: DSA-1291
    samba -- several vulnerabilities

    Source: CCN
    Type: GLSA-200705-15
    Samba: Multiple vulnerabilities

    Source: CCN
    Type: US-CERT VU#773720
    Samba NDR MS-RPC heap buffer overflow

    Source: CCN
    Type: OpenPKG-SA-2007.012
    Samba

    Source: CCN
    Type: OSVDB ID: 34699
    Samba LSA RPC Interface Multiple Function Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34731
    Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34732
    Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow

    Source: CCN
    Type: OSVDB ID: 34733
    Samba DFS RPC Interface DFSEnum Request Remote Overflow

    Source: CCN
    Type: Samba Security Web site
    Samba - Security Updates and Information

    Source: CCN
    Type: BID-23973
    Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24195
    Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24196
    Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24197
    Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-24198
    Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-25159
    Apple Mac OS X 2007-007 Multiple Security Vulnerabilities

    Source: CCN
    Type: TLSA-2007-35
    Two vulnerabilities discovered in samba

    Source: CCN
    Type: USN-460-1
    Samba vulnerabilities

    Source: CCN
    Type: VMware, Inc. Web site
    Download Patch ESX-1001213 for VMware ESX Server 3.0.1

    Source: CCN
    Type: XEROX Web site
    XEROX SECURITY BULLETIN XRX08-001

    Source: XF
    Type: UNKNOWN
    samba-lsaiotransnames-bo(34316)

    Source: CCN
    Type: Rapid7 Vulnerability and Exploit Database [05-14-2007]
    Samba lsa_io_trans_names Heap Overflow

    Source: SUSE
    Type: SUSE-SA:2007:031
    Samba Security Problems

    Source: SUSE
    Type: SUSE-SR:2007:011
    SUSE Security Summary Report

    Source: CCN
    Type: ZDI-07-033
    Samba lsa_io_trans_names Heap Overflow Vulnerability

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7655:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre:7665:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.2:a:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.14:a:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.17:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.18:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.19:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:a:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.20:b:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:a:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:b:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:c:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.23:d:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.24:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:a:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:b:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.21:c:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
  • OR cpe:/a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
  • AND
  • cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:8:*:*:*:server:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10:*:*:*:desktop:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10:*:*:*:server:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:-:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:232:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:238:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:245:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:255:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:265:*:*:*:*:*:*:*
  • OR cpe:/h:xerox:workcentre_pro:275:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20072446 | V | CVE-2007-2446 | 2022-06-30
    oval:org.opensuse.security:def:42280 | P | Security update for gzip (Important) | 2022-05-10
    oval:org.opensuse.security:def:42344 | P | Security update for ucode-intel (Important) | 2022-02-25
    oval:org.opensuse.security:def:112125 | P | ctdb-4.14.6+git.182.2205d5224e3-1.1 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:112075 | P | cifs-utils-6.13-1.3 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:26219 | P | Security update for apache2 (Important) (in QA) | 2022-01-10
    oval:org.opensuse.security:def:31754 | P | Security update for libsndfile (Important) | 2022-01-05
    oval:org.opensuse.security:def:26223 | P | Security update for net-snmp (Important) | 2022-01-05
    oval:org.opensuse.security:def:31751 | P | Security update for java-1_8_0-ibm (Important) (in QA) | 2022-01-04
    oval:org.opensuse.security:def:31722 | P | Security update for xorg-x11-server (Important) | 2021-12-20
    oval:org.opensuse.security:def:32246 | P | Security update for xorg-x11-server (Important) | 2021-12-14
    oval:org.opensuse.security:def:33060 | P | Security update for MozillaFirefox (Important) | 2021-12-12
    oval:org.opensuse.security:def:31712 | P | Security update for xen (Moderate) | 2021-12-01
    oval:org.opensuse.security:def:42141 | P | Security update for glibc (Moderate) | 2021-12-01
    oval:org.opensuse.security:def:32229 | P | Security update for ruby2.1 (Important) | 2021-12-01
    oval:org.opensuse.security:def:31714 | P | Security update for webkit2gtk3 (Important) | 2021-12-01
    oval:org.opensuse.security:def:31707 | P | Security update for postgresql10 (Important) | 2021-11-22
    oval:org.opensuse.security:def:32224 | P | Security update for postgresql96 (Important) | 2021-11-22
    oval:org.opensuse.security:def:31307 | P | Security update for postgresql, postgresql13, postgresql14 (Important) | 2021-11-20
    oval:org.opensuse.security:def:26166 | P | Security update for php74 (Moderate) | 2021-11-18
    oval:org.opensuse.security:def:105662 | P | Security update for MozillaFirefox (Important) | 2021-11-10
    oval:org.opensuse.security:def:31701
    P
    Security update for pcre (Moderate)
    2021-11-10
    oval:org.opensuse.security:def:26155
    P
    Security update for cairo (Low)
    2021-10-22
    oval:org.opensuse.security:def:31288
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-10-18
    oval:org.opensuse.security:def:26145
    P
    Security update for the Linux Kernel (Important)
    2021-10-12
    oval:org.opensuse.security:def:33021
    P
    Security update for libqt5-qtsvg (Moderate)
    2021-10-11
    oval:org.opensuse.security:def:31690
    P
    Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:26141
    P
    Security update for webkit2gtk3 (Important)
    2021-10-06
    oval:org.opensuse.security:def:31689
    P
    Security update for glibc (Moderate)
    2021-10-06
    oval:org.opensuse.security:def:105618
    P
    cifs-utils-6.13-1.3 on GA media (Moderate)
    2021-10-01
    oval:org.opensuse.security:def:26117
    P
    Security update for xen (Important)
    2021-09-02
    oval:org.opensuse.security:def:32180
    P
    Security update for file (Important)
    2021-09-02
    oval:org.opensuse.security:def:26114
    P
    Security update for openexr (Important)
    2021-09-02
    oval:org.opensuse.security:def:32173
    P
    Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)
    2021-08-25
    oval:org.opensuse.security:def:26102
    P
    Security update for php72 (Important)
    2021-08-06
    oval:org.opensuse.security:def:31663
    P
    Security update for djvulibre (Important)
    2021-08-05
    oval:org.opensuse.security:def:32160
    P
    Security update for djvulibre (Important)
    2021-08-05
    oval:org.opensuse.security:def:32158
    P
    Security update for dbus-1 (Important)
    2021-08-02
    oval:org.opensuse.security:def:31656
    P
    Security update for systemd (Important)
    2021-07-21
    oval:org.opensuse.security:def:31230
    P
    Security update for linuxptp (Important)
    2021-07-21
    oval:org.opensuse.security:def:32143
    P
    Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)
    2021-07-21
    oval:org.opensuse.security:def:26085
    P
    Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:31650
    P
    Security update for arpwatch (Important)
    2021-06-28
    oval:org.opensuse.security:def:31215
    P
    Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:31214
    P
    Security update for libgcrypt (Important)
    2021-06-24
    oval:org.opensuse.security:def:31648
    P
    Security update for openexr (Important)
    2021-06-24
    oval:org.opensuse.security:def:31203
    P
    Security update for apache2 (Important)
    2021-06-17
    oval:org.opensuse.security:def:31202
    P
    Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:32119
    P
    Security update for java-1_8_0-openjdk (Moderate)
    2021-06-15
    oval:org.opensuse.security:def:32116
    P
    Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:31637
    P
    Security update for ucode-intel (Important)
    2021-06-10
    oval:org.opensuse.security:def:26072
    P
    Security update for caribou (Important)
    2021-06-10
    oval:org.opensuse.security:def:31636
    P
    Security update for spice (Important)
    2021-06-08
    oval:org.opensuse.security:def:36170
    P
    ldapsmb-1.34b-12.58.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42083
    P
    Security update for the Linux Kernel (Important)
    2021-06-08
    oval:org.opensuse.security:def:42504
    P
    cifs-utils-5.1-0.14.46 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36223
    P
    libtevent0-x86-3.6.3-0.39.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42577
    P
    ldapsmb-1.34b-12.58.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36460
    P
    libldb-devel-3.6.3-0.58.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36097
    P
    cifs-utils-5.1-0.14.46 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:42630
    P
    libtevent0-x86-3.6.3-0.39.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:32090
    P
    Security update for avahi (Important)
    2021-06-03
    oval:org.opensuse.security:def:26064
    P
    Security update for libwebp (Critical)
    2021-06-02
    oval:org.opensuse.security:def:26057
    P
    Security update for libX11 (Moderate)
    2021-05-26
    oval:org.opensuse.security:def:31622
    P
    Security update for graphviz (Critical)
    2021-05-19
    oval:org.opensuse.security:def:32094
    P
    Security update for graphviz (Critical)
    2021-05-19
    oval:org.opensuse.security:def:26053
    P
    Security update for libxml2 (Important)
    2021-05-19
    oval:org.opensuse.security:def:31156
    P
    Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)
    2021-04-28
    oval:org.opensuse.security:def:32901
    P
    Security update for ImageMagick (Moderate)
    2021-04-20
    oval:org.opensuse.security:def:31607
    P
    Security update for qemu (Important)
    2021-04-16
    oval:org.opensuse.security:def:32070
    P
    Security update for clamav (Important)
    2021-04-14
    oval:org.opensuse.security:def:31145
    P
    Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:31144
    P
    Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)
    2021-04-07
    oval:org.opensuse.security:def:26213
    P
    Security update for evolution-data-server (Moderate)
    2021-03-19
    oval:org.opensuse.security:def:31364
    P
    Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:32278
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:31362
    P
    Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)
    2021-03-17
    oval:org.opensuse.security:def:33094
    P
    Security update for apache2 (Moderate)
    2021-03-12
    oval:org.opensuse.security:def:26205
    P
    Security update for openssl-1_0_0 (Moderate)
    2021-03-08
    oval:org.opensuse.security:def:31352
    P
    Security update for openldap2 (Important)
    2021-03-03
    oval:org.opensuse.security:def:26199
    P
    Security update for ImageMagick (Moderate)
    2021-02-25
    oval:org.opensuse.security:def:26198
    P
    Security update for avahi (Moderate)
    2021-02-23
    oval:org.opensuse.security:def:31341
    P
    Security update for jasper (Important)
    2021-02-16
    oval:org.opensuse.security:def:31340
    P
    Security update for wpa_supplicant (Important)
    2021-02-15
    oval:org.opensuse.security:def:31649
    P
    Security update for postgresql, postgresql12, postgresql13 (Important)
    2021-01-26
    oval:org.opensuse.security:def:26061
    P
    Security update for dovecot22 (Important)
    2021-01-04
    oval:org.opensuse.security:def:32022
    P
    Security update for xen (Moderate)
    2020-12-29
    oval:org.opensuse.security:def:31569
    P
    Security update for clamav (Important)
    2020-12-22
    oval:org.opensuse.security:def:32837
    P
    Security update for clamav (Important)
    2020-12-22
    oval:org.opensuse.security:def:25976
    P
    Security update for curl (Moderate)
    2020-12-10
    oval:org.opensuse.security:def:32006
    P
    Security update for mutt (Important)
    2020-12-07
    oval:org.opensuse.security:def:31563
    P
    Security update for mutt (Important)
    2020-12-07
    oval:org.opensuse.security:def:31083
    P
    Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:32003
    P
    Security update for python-cryptography (Moderate)
    2020-12-04
    oval:org.opensuse.security:def:35734
    P
    ldapsmb-1.34b-12.18.3 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35873
    P
    cifs-utils-5.1-0.11.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35529
    P
    cifs-mount-3.4.3-1.17.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35937
    P
    ldapsmb-1.34b-12.39.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:35676
    P
    cifs-utils-5.1-0.4.9 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:41936
    P
    cifs-mount-3.4.3-1.17.2 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:31558
    P
    Security update for python3 (Important)
    2020-12-02
    oval:org.opensuse.security:def:31416
    P
    Security update for php53 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26741
    P
    libcap-progs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27423
    P
    kdebase4-workspace-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26009
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25731
    P
    Security update for memcached (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25850
    P
    Security update for libreoffice (Low)
    2020-12-01
    oval:org.opensuse.security:def:25988
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26000
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25964
    P
    Security update for libraw (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25812
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:26641
    P
    syslog-ng on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33186
    P
    libtevent0-x86 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25227
    P
    Security update for wicked (Important)
    2020-12-01
    oval:org.opensuse.security:def:31873
    P
    Security update for cvs (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31858
    P
    Security update for cups (Important)
    2020-12-01
    oval:org.opensuse.security:def:31898
    P
    Security update for MozillaFirefox, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:32494
    P
    cifs-mount on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30998
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:26263
    P
    Security update for libEMF (Important)
    2020-12-01
    oval:org.opensuse.security:def:26734
    P
    ldapsmb on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25286
    P
    Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:25156
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31907
    P
    Security update for freetype2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32056
    P
    Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32798
    P
    tgt on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26349
    P
    Security update for redis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26398
    P
    Security update for pdns-recursor (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27060
    P
    xorg-x11-libs-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25646
    P
    Security update for tomcat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25435
    P
    Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:25489
    P
    Security update for pam_radius (Important)
    2020-12-01
    oval:org.opensuse.security:def:25569
    P
    Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:25657
    P
    Security update for graphviz (Low)
    2020-12-01
    oval:org.opensuse.security:def:32355
    P
    Security update for squid3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32317
    P
    Security update for rsync (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32456
    P
    Security update for xorg-x11-libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31405
    P
    Security update for perl-DBI (Important)
    2020-12-01
    oval:org.opensuse.security:def:31426
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31512
    P
    Recommended update for python 2.7 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31598
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26490
    P
    Security update for pdns (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26785
    P
    mozilla-xulrunner192 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27168
    P
    ldapsmb on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25720
    P
    Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:25722
    P
    Security update for ovmf (Low)
    2020-12-01
    oval:org.opensuse.security:def:25708
    P
    Security update for mariadb-100 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25849
    P
    Security update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:25857
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25798
    P
    Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:32465
    P
    Security update for xorg-x11-libXv (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:33147
    P
    libexif on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31575
    P
    Security update for sudo
    2020-12-01
    oval:org.opensuse.security:def:31771
    P
    Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (Important)
    2020-12-01
    oval:org.opensuse.security:def:31812
    P
    Security update for apache2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31859
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31773
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32455
    P
    Security update for xorg-x11-libX11 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:30997
    P
    Security update for jasper (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25784
    P
    Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:25923
    P
    Security update for util-linux (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25959
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26699
    P
    freeradius-server on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25285
    P
    Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:25092
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31775
    P
    Security update for MozillaFirefox (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31946
    P
    Security update for gnutls (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32017
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:31956
    P
    Security update for gtk2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32641
    P
    cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26294
    P
    Security update for bluez (Important)
    2020-12-01
    oval:org.opensuse.security:def:26276
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26422
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26872
    P
    cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25424
    P
    Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25303
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:25365
    P
    Security update for grub2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25506
    P
    Security update for openexr (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32862
    P
    freeradius-server on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31404
    P
    Security update for perl-DBI (Important)
    2020-12-01
    oval:org.opensuse.security:def:31511
    P
    Security update for python27-urllib3, python27-boto3, python27-botocore, python27-s3transfer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26586
    P
    libexiv2-4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26451
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26378
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:27133
    P
    glib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25719
    P
    Security update for ipmitool (Important)
    2020-12-01
    oval:org.opensuse.security:def:25499
    P
    Security update for openldap2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25627
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25765
    P
    Security update for Adobe Flash Player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25804
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:25759
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32390
    P
    Security update for tomcat6 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32509
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31564
    P
    Security update for squid3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31490
    P
    Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:31810
    P
    Security update for apache2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26727
    P
    kdenetwork4-filesharing on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31817
    P
    Security update for atftp (Important)
    2020-12-01
    oval:org.opensuse.security:def:27221
    P
    libtevent0-x86 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25773
    P
    Security update for flash-player (Important)
    2020-12-01
    oval:org.opensuse.security:def:25795
    P
    Security update for kernel-source (Important)
    2020-12-01
    oval:org.opensuse.security:def:25931
    P
    Security update for libcares2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:25913
    P
    Security update for tcpdump, libpcap (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25915
    P
    Security update for libosip2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25945
    P
    Security update for ImageMagick (Important)
    2020-12-01
    oval:org.opensuse.security:def:25856
    P
    Security update for gd (Important)
    2020-12-01
    oval:org.opensuse.security:def:26529
    P
    cifs-mount on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25081
    P
    Security update for libarchive (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31781
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31930
    P
    Security update for glib2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31950
    P
    Security update for grub2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31917
    P
    Security update for gd (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31920
    P
    Security update for ghostscript-library (Important)
    2020-12-01
    oval:org.opensuse.security:def:32602
    P
    ruby on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26021
    P
    Security update for libreoffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26017
    P
    Security update for gnome-shell (Low)
    2020-12-01
    oval:org.opensuse.security:def:26837
    P
    vte on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25423
    P
    Security update for mariadb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25239
    P
    Security update for python3 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25284
    P
    Security update for xrdp (Important)
    2020-12-01
    oval:org.opensuse.security:def:31999
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:32699
    P
    ldapsmb on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26435
    P
    Security update for znc (Low)
    2020-12-01
    oval:org.opensuse.security:def:26402
    P
    Security update for irssi (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26364
    P
    Security update for irssi (Low)
    2020-12-01
    oval:org.opensuse.security:def:26495
    P
    Security update for phpMyAdmin (Important)
    2020-12-01
    oval:org.opensuse.security:def:26936
    P
    ldapsmb on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25488
    P
    Security update for file-roller (Low)
    2020-12-01
    oval:org.opensuse.security:def:25361
    P
    Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:25512
    P
    Security update for tomcat (Important)
    2020-12-01
    oval:org.opensuse.security:def:25653
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:32299
    P
    Security update for python (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32351
    P
    Security update for squid (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32339
    P
    Security update for shim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31420
    P
    Security update for php53 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26688
    P
    ecryptfs-utils-32bit on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26504
    P
    Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:27186
    P
    libgcrypt11 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25772
    P
    Security update for gstreamer-0_10-plugins-bad (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25658
    P
    Security update for liblouis (Low)
    2020-12-01
    oval:org.opensuse.security:def:25691
    P
    Security update for python36 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25829
    P
    Security update for php5 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25862
    P
    Recommended update for mariadb (Important)
    2020-12-01
    oval:org.opensuse.security:def:25906
    P
    Security update for sane-backends (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32443
    P
    Security update for xen (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26494
    P
    Security update for pdns-recursor (Important)
    2020-12-01
    oval:org.opensuse.security:def:33133
    P
    ldapsmb on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25080
    P
    Security update for libxml2 (Low)
    2020-12-01
    oval:org.opensuse.security:def:31794
    P
    Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:31868
    P
    Security update for curl (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31964
    P
    Security update for icu (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27458
    P
    libldb-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26010
    P
    Security update for libvirt (Important)
    2020-12-01
    oval:org.opensuse.security:def:25848
    P
    Security update for flex, at, bogofilter, cyrus-imapd, kdelibs4, libQtWebKit4, libbonobo, mdbtools, netpbm, openslp, sgmltool, virtuoso, libqt5-qtwebkit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26004
    P
    Security update for shotwell (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26003
    P
    Security update for yaml-cpp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26676
    P
    cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25228
    P
    Security update for LibreOffice (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31854
    P
    Security update for cracklib (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32014
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:32055
    P
    Security update for kvm (Important)
    2020-12-01
    oval:org.opensuse.security:def:31978
    P
    Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:32660
    P
    fetchmail on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31009
    P
    Security update for java-1_6_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:26351
    P
    Security update for mongodb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26296
    P
    Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26325
    P
    Security update for Chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26901
    P
    g3utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25487
    P
    Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25297
    P
    Security update for libX11 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25431
    P
    Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:25422
    P
    Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:32302
    P
    Security update for python (Important)
    2020-12-01
    oval:org.opensuse.security:def:32383
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:31454
    P
    Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:31451
    P
    Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:26639
    P
    star on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26437
    P
    Security update for enigmail (Important)
    2020-12-01
    oval:org.opensuse.security:def:26548
    P
    freetype2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27095
    P
    cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25647
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25563
    P
    Security update for xrdp (Important)
    2020-12-01
    oval:org.opensuse.security:def:25570
    P
    Security update for mailman (Important)
    2020-12-01
    oval:org.opensuse.security:def:25711
    P
    Security update for python-aws-sam-translator, python-boto3, python-botocore, python-cfn-lint, python-jsonschema, python-nose2, python-parameterized, python-pathlib2, python-pytest-cov, python-requests, python-s3transfer (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25710
    P
    Security update for log4j (Important)
    2020-12-01
    oval:org.opensuse.security:def:32404
    P
    Security update for w3m (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:32412
    P
    Security update for wireshark (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:20051
    P
    DSA-1291-2 samba
    2014-06-23
    oval:org.mitre.oval:def:22405
    P
    ELSA-2007:0354: samba security update (Critical)
    2014-05-26
    oval:org.mitre.oval:def:11415
    V
    Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
    2013-04-29
    oval:com.redhat.rhsa:def:20070354
    P
    RHSA-2007:0354: samba security update (Critical)
    2008-03-20
    oval:org.debian:def:1291
    V
    several vulnerabilities
    2007-05-15
    samba samba 3.0.0
    samba samba 3.0.1
    samba samba 3.0.2
    samba samba 3.0.2a
    samba samba 3.0.10
    samba samba 3.0.11
    samba samba 3.0.12
    samba samba 3.0.13
    samba samba 3.0.14
    samba samba 3.0.14a
    samba samba 3.0.15
    samba samba 3.0.16
    samba samba 3.0.17
    samba samba 3.0.18
    samba samba 3.0.19
    samba samba 3.0.20
    samba samba 3.0.20a
    samba samba 3.0.20b
    samba samba 3.0.21
    samba samba 3.0.21a
    samba samba 3.0.21b
    samba samba 3.0.21c
    samba samba 3.0.22
    samba samba 3.0.23
    samba samba 3.0.23a
    samba samba 3.0.23b
    samba samba 3.0.23c
    samba samba 3.0.23d
    samba samba 3.0.24
    samba samba 3.0.25 pre1
    samba samba 3.0.25 pre2
    samba samba 3.0.25 rc1
    samba samba 3.0.25 rc2
    samba samba 3.0.25 rc3
    samba samba 3.0.1
    samba samba 3.0.2 -
    samba samba 3.0.10
    xerox workcentre 7655
    xerox workcentre 7665
    samba samba 3.0.2a
    samba samba 3.0.0
    samba samba 3.0.11
    samba samba 3.0.12
    samba samba 3.0.14 -
    samba samba 3.0.14a
    samba samba 3.0.15
    samba samba 3.0.16
    samba samba 3.0.17
    samba samba 3.0.18
    samba samba 3.0.19
    samba samba 3.0.20 -
    samba samba 3.0.20a
    samba samba 3.0.20b
    samba samba 3.0.21 -
    samba samba 3.0.22
    samba samba 3.0.23 -
    samba samba 3.0.23a
    samba samba 3.0.23b
    samba samba 3.0.23c
    samba samba 3.0.23d
    samba samba 3.0.24
    samba samba 3.0.21a
    samba samba 3.0.21b
    samba samba 3.0.21c
    samba samba 3.0.13
    samba samba 3.0.25 pre1
    samba samba 3.0.25 pre2
    samba samba 3.0.25 rc1
    samba samba 3.0.25 rc2
    samba samba 3.0.25 rc3
    openpkg openpkg current
    gentoo linux *
    suse linux enterprise server 8
    turbolinux turbolinux 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    hp hp-ux b.11.11
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    turbolinux turbolinux 10
    sun solaris 9
    redhat enterprise linux 3
    hp hp-ux b.11.23
    turbolinux turbolinux 10
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    novell open enterprise server *
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    xerox workcentre pro 232
    xerox workcentre pro 238
    xerox workcentre pro 245
    xerox workcentre pro 255
    xerox workcentre pro 265
    xerox workcentre pro 275
    xerox workcentre 232
    xerox workcentre 238
    xerox workcentre 245
    xerox workcentre 255
    xerox workcentre 265
    xerox workcentre 275
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    canonical ubuntu 6.10
    vmware esx server 3.0.0
    suse novell linux pos 9
    turbolinux turbolinux fuji
    turbolinux turbolinux *
    turbolinux turbolinux *
    turbolinux turbolinux *
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    hp hp-ux b.11.31
    redhat enterprise linux 5
    apple mac os x 10.4.10
    apple mac os x server 10.4.10
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    vmware esx server 2.5.4
    novell open enterprise server *
    vmware esx server 2.0.2
    vmware esx server 2.1.3
    novell opensuse 10.2
    sun solaris 9
    samba samba 3.0.1
    samba samba 3.0.2
    samba samba 3.0.10
    xerox workcentre 7655
    xerox workcentre 7665
    samba samba 3.0.2a
    samba samba 3.0.0
    samba samba 3.0.11
    samba samba 3.0.12
    samba samba 3.0.14
    samba samba 3.0.14a
    samba samba 3.0.15
    samba samba 3.0.16
    samba samba 3.0.17
    samba samba 3.0.18
    samba samba 3.0.19
    samba samba 3.0.20
    samba samba 3.0.20a
    samba samba 3.0.20b
    samba samba 3.0.21
    samba samba 3.0.22
    samba samba 3.0.23
    samba samba 3.0.23a
    samba samba 3.0.23b
    samba samba 3.0.23c
    samba samba 3.0.23d
    samba samba 3.0.24
    samba samba 3.0.21a
    samba samba 3.0.21b
    samba samba 3.0.21c
    samba samba 3.0.13
    samba samba 3.0.25 pre1
    samba samba 3.0.25 pre2
    samba samba 3.0.25 rc1
    samba samba 3.0.25 rc2
    samba samba 3.0.25 rc3
    openpkg openpkg current
    gentoo linux *
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    hp hp-ux b.11.11
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    sun solaris 9
    redhat enterprise linux 3
    hp hp-ux b.11.23
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    novell open enterprise server *
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    xerox workcentre pro 232
    xerox workcentre pro 238
    xerox workcentre pro 245
    xerox workcentre pro 255
    xerox workcentre pro 265
    xerox workcentre pro 275
    xerox workcentre 232
    xerox workcentre 238
    xerox workcentre 245
    xerox workcentre 255
    xerox workcentre 265
    xerox workcentre 275
    canonical ubuntu 6.06
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 8.0
    vmware esx server 3.0.0
    suse novell linux pos 9
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux home *
    turbolinux turbolinux multimedia *
    turbolinux turbolinux appliance server 1.0_hosting_edition
    turbolinux turbolinux appliance server 1.0_workgroup_edition
    redhat enterprise linux 5
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    canonical ubuntu 7.04
    hp hp-ux b.11.31
    redhat enterprise linux 5
    apple mac os x 10.4.10
    apple mac os x server 10.4.10
    redhat enterprise linux 5
    mandrakesoft mandrake linux 2007.1
    redhat enterprise linux 4.5.z
    redhat enterprise linux 4.5.z
    vmware esx server 2.5.4
    novell open enterprise server *
    vmware esx server 2.0.2
    vmware esx server 2.1.3
    vmware esx server 2.5.3
    novell opensuse 10.2
    sun solaris 9
    samba samba 3.0.1
    samba samba 3.0.2
    samba samba 3.0.10
    xerox workcentre 7655
    xerox workcentre 7665
    samba samba 3.0.2 a
    samba samba 3.0.0
    samba samba 3.0.11
    samba samba 3.0.12
    samba samba 3.0.14
    samba samba 3.0.14 a
    samba samba 3.0.15
    samba samba 3.0.16
    samba samba 3.0.17
    samba samba 3.0.18
    samba samba 3.0.19
    samba samba 3.0.20
    samba samba 3.0.20 a
    samba samba 3.0.20 b
    samba samba 3.0.21
    samba samba 3.0.22
    samba samba 3.0.23
    samba samba 3.0.23 a
    samba samba 3.0.23 b
    samba samba 3.0.23 c
    samba samba 3.0.23 d
    samba samba 3.0.24
    samba samba 3.0.21 a
    samba samba 3.0.21 b
    samba samba 3.0.21 c
    samba samba 3.0.13
    samba samba 3.0.25 pre1
    samba samba 3.0.25 pre2
    samba samba 3.0.25 rc1
    samba samba 3.0.25 rc2
    samba samba 3.0.25 rc3
    openpkg openpkg current
    gentoo linux -
    suse linux enterprise server 8
    turbolinux turbolinux 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    hp hp-ux b.11.11
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    turbolinux turbolinux 10
    sun solaris 9
    redhat enterprise linux 3
    hp hp-ux b.11.23
    turbolinux turbolinux 10
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    novell open enterprise server -
    sun solaris 10
    sun solaris 10
    redhat linux advanced workstation 2.1
    xerox workcentre pro 232
    xerox workcentre pro 238
    xerox workcentre pro 245
    xerox workcentre pro 255
    xerox workcentre pro 265
    xerox workcentre pro 275