Vulnerability Details: CVE-2007-6015
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-6015
- cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6015
42.72%: Probability of exploitation activity in the next 30 days
~ 97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6015
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-6015
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6015
-
http://marc.info/?l=bugtraq&m=120524782005154&w=2
'[security bulletin] HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Exec' - MARC
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html
[SECURITY] Fedora 8 Update: samba-3.0.28-0.fc8
-
http://www.vupen.com/english/advisories/2008/1712/references
-
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
Page Not Found | CISA (US Government Resource)
-
http://security.gentoo.org/glsa/glsa-200712-10.xml
Samba: Execution of arbitrary code (GLSA 200712-10) — Gentoo security
-
http://secunia.com/advisories/28003
About Secunia Research | Flexera
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605
-
http://secunia.com/advisories/28028
About Secunia Research | Flexera
-
http://secunia.com/advisories/27977
About Secunia Research | Flexera
-
http://www.redhat.com/support/errata/RHSA-2007-1117.html
Support
-
http://www.ubuntu.com/usn/usn-556-1
USN-556-1: Samba vulnerability | Ubuntu security notices | Ubuntu
-
http://secunia.com/advisories/28037
About Secunia Research | Flexera
-
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
-
http://www.redhat.com/support/errata/RHSA-2007-1114.html
Support (Patch)
-
http://www.securityfocus.com/bid/26791
-
http://secunia.com/advisories/28029
About Secunia Research | Flexera
-
http://www.vupen.com/english/advisories/2008/1908
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html
[SECURITY] Fedora 7 Update: samba-3.0.28-0.fc7
-
http://secunia.com/advisories/29341
About Secunia Research | Flexera
-
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
Apple - Lists.apple.com
-
http://www.securitytracker.com/id?1019065
-
http://www.novell.com/linux/security/advisories/2007_68_samba.html
Security - Support | SUSE
-
http://secunia.com/advisories/27760
About Secunia Research | Flexera (Vendor Advisory)
-
http://secunia.com/advisories/27999
About Secunia Research | Flexera
-
http://www.securityfocus.com/archive/1/484827/100/0/threaded
-
http://secunia.com/advisories/28089
About Secunia Research | Flexera
-
http://www.securityfocus.com/archive/1/484818/100/0/threaded
-
http://www.securityfocus.com/archive/1/485144/100/0/threaded
-
http://secunia.com/advisories/28067
About Secunia Research | Flexera
-
http://secunia.com/secunia_research/2007-99/advisory/
About Secunia Research | Flexera (Vendor Advisory)
-
http://www.vupen.com/english/advisories/2008/0859/references
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:244
Mandriva
-
http://secunia.com/advisories/28891
About Secunia Research | Flexera
-
http://secunia.com/advisories/30835
About Secunia Research | Flexera
-
http://secunia.com/advisories/27993
About Secunia Research | Flexera
-
http://bugs.gentoo.org/show_bug.cgi?id=200773
200773 – (CVE-2007-6015) net-fs/samba < 3.0.28 send_mailslot() "SAMLOGON" Buffer overflow (CVE-2007-6015)
-
http://secunia.com/advisories/30484
About Secunia Research | Flexera
-
http://www.securityfocus.com/archive/1/484825/100/0/threaded
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554
The Slackware Linux Project: Slackware Security Advisories
-
http://www.vupen.com/english/advisories/2008/0495/references
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572
-
http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
ASA-2007-520 (RHSA-2007-1114)
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1
-
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
-
http://www.vupen.com/english/advisories/2008/0637
-
http://secunia.com/advisories/27894
About Secunia Research | Flexera
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38965
Samba send_mailslot function buffer overflow CVE-2007-6015 Vulnerability Report
-
https://issues.rpath.com/browse/RPL-1976
-
http://docs.info.apple.com/article.html?artnum=307430
-
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1
-
http://www.securityfocus.com/archive/1/488457/100/0/threaded
-
http://securityreason.com/securityalert/3438
Samba "send_mailslot()" Buffer Overflow Vulnerability - CXSecurity.com
-
http://www.kb.cert.org/vuls/id/438395
VU#438395 - Samba "send_mailslot()" function buffer overflow (US Government Resource)
-
http://www.vupen.com/english/advisories/2007/4153
-
http://www.samba.org/samba/security/CVE-2007-6015.html
Samba - Security Announcement Archive (Patch)
-
http://secunia.com/advisories/29032
About Secunia Research | Flexera
-
http://www.debian.org/security/2007/dsa-1427
[SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution