Vulnerability Details : CVE-2007-5398
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-5398
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5398
95.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5398
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-5398
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5398
-
http://marc.info/?l=bugtraq&m=120524782005154&w=2
'[security bulletin] HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Exec' - MARC
-
http://www.novell.com/linux/security/advisories/2007_65_samba.html
404 Page Not Found | SUSE
-
http://www.vupen.com/english/advisories/2008/1712/references
Site en construction
-
http://www.redhat.com/support/errata/RHSA-2007-1013.html
Support
-
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html
[SECURITY] Fedora 7 Update: samba-3.0.27-0.fc7
-
http://www.debian.org/security/2007/dsa-1409
[SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1
-
http://www.securityfocus.com/archive/1/483744/100/0/threaded
-
http://www.vupen.com/english/advisories/2007/4238
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.redhat.com/support/errata/RHSA-2007-1017.html
Support
-
http://docs.info.apple.com/article.html?artnum=307179
-
http://www.securityfocus.com/archive/1/486859/100/0/threaded
-
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
-
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Page Not Found | CISAUS Government Resource
-
https://issues.rpath.com/browse/RPL-1894
-
http://www.vupen.com/english/advisories/2008/1908
Site en construction
-
http://securityreason.com/securityalert/3372
Samba "reply_netbios_packet()" Buffer Overflow Vulnerability - CXSecurity.com
-
http://www.securityfocus.com/archive/1/485936/100/0/threaded
-
http://www.vupen.com/english/advisories/2008/0064
Site en construction
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5811
404 Not Found
-
http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml
Samba: Execution of arbitrary code (GLSA 200711-29) — Gentoo security
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10230
404 Not Found
-
http://www.vupen.com/english/advisories/2007/3869
Site en construction
-
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
502 Bad Gateway
-
http://www.vupen.com/english/advisories/2008/0859/references
Site en construction
-
https://usn.ubuntu.com/544-1/
404: Page not found | Ubuntu
-
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
-
http://us1.samba.org/samba/security/CVE-2007-5398.html
Samba - Security Announcement Archive
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739
The Slackware Linux Project: Slackware Security Advisories
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:224
Mandriva
-
http://www.securityfocus.com/bid/26455
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38502
Samba reply_netbios_packet() buffer overflow CVE-2007-5398 Vulnerability Report
-
http://securitytracker.com/id?1018953
Access Denied
-
http://www.redhat.com/support/errata/RHSA-2007-1016.html
Support
-
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
Support Content Notification - Support Portal - Broadcom support portal
Jump to