Vulnerability Details : CVE-2007-0454
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-0454
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0454
- EPSS score: 1.91% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 87 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2007-0454
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2007-0454
- The product uses a function that accepts a format string as an argument, but the format string originates from an external source. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-0454
- Red Hat, 2007-05-14: Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5.
References for CVE-2007-0454
- http://www.ubuntu.com/usn/usn-419-1
  USN-419-1: Samba vulnerabilities | Ubuntu security notices | Ubuntu
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
  The Slackware Linux Project: Slackware Security Advisories
- http://us1.samba.org/samba/security/CVE-2007-0454.html
  Samba - Security Announcement Archive
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
- http://www.vupen.com/english/advisories/2007/0483
  Vendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
  Samba: Multiple vulnerabilities (GLSA 200702-01) — Gentoo security
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
  Samba afsacl.so VFS plugin format string CVE-2007-0454 Vulnerability Report
- http://www.securityfocus.com/archive/1/459179/100/0/threaded
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
  Mandriva
- http://www.kb.cert.org/vuls/id/649732
  VU#649732 - Samba AFS ACL mapping VFS plug-in format string vulnerability (US Government Resource)
- http://www.debian.org/security/2007/dsa-1257
  Debian -- The Universal Operating System
- http://www.securityfocus.com/bid/22403
  Patch
- http://www.securityfocus.com/archive/1/459365/100/0/threaded
- http://securitytracker.com/id?1017588
- http://www.trustix.org/errata/2007/0007
  Trustix | Empowering Trust and Security in the Digital Age
- https://issues.rpath.com/browse/RPL-1005