Vulnerability Details : CVE-2007-6015
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2007-6015
- cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:2.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6015
97.22%: Probability of exploitation activity in the next 30 days
~ 100%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6015
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2007-6015
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6015
-
http://marc.info/?l=bugtraq&m=120524782005154&w=2
'[security bulletin] HPSBUX02316 SSRT071495 rev.1 - HP-UX running HP CIFS Server (Samba), Remote Exec' - MARC
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html
[SECURITY] Fedora 8 Update: samba-3.0.28-0.fc8
-
http://www.vupen.com/english/advisories/2008/1712/references
-
http://www.us-cert.gov/cas/techalerts/TA08-043B.html
US Government Resource
-
http://security.gentoo.org/glsa/glsa-200712-10.xml
Samba: Execution of arbitrary code (GLSA 200712-10) — Gentoo security
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605
-
http://www.redhat.com/support/errata/RHSA-2007-1117.html
Support
-
http://www.ubuntu.com/usn/usn-556-1
USN-556-1: Samba vulnerability | Ubuntu security notices | Ubuntu
-
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
-
http://www.redhat.com/support/errata/RHSA-2007-1114.html
Support (Patch)
-
http://www.securityfocus.com/bid/26791
-
http://www.vupen.com/english/advisories/2008/1908
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html
[SECURITY] Fedora 7 Update: samba-3.0.28-0.fc7
-
http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
Apple - Lists.apple.com
-
http://www.securitytracker.com/id?1019065
-
http://www.novell.com/linux/security/advisories/2007_68_samba.html
Security - Support | SUSE
-
http://www.securityfocus.com/archive/1/484827/100/0/threaded
-
http://www.securityfocus.com/archive/1/484818/100/0/threaded
-
http://www.securityfocus.com/archive/1/485144/100/0/threaded
-
http://www.vupen.com/english/advisories/2008/0859/references
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:244
Mandriva
-
http://bugs.gentoo.org/show_bug.cgi?id=200773
200773 – (CVE-2007-6015) net-fs/samba < 3.0.28 send_mailslot() "SAMLOGON" Buffer overflow (CVE-2007-6015)
-
http://www.securityfocus.com/archive/1/484825/100/0/threaded
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554
The Slackware Linux Project: Slackware Security Advisories
-
http://www.vupen.com/english/advisories/2008/0495/references
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572
-
http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
ASA-2007-520 (RHSA-2007-1114)
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1
-
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
-
http://www.vupen.com/english/advisories/2008/0637
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38965
Samba send_mailslot function buffer overflow CVE-2007-6015 Vulnerability Report
-
https://issues.rpath.com/browse/RPL-1976
-
http://docs.info.apple.com/article.html?artnum=307430
-
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1
-
http://www.securityfocus.com/archive/1/488457/100/0/threaded
-
http://securityreason.com/securityalert/3438
Samba "send_mailslot()" Buffer Overflow Vulnerability - CXSecurity.com
-
http://www.kb.cert.org/vuls/id/438395
VU#438395 - Samba "send_mailslot()" function buffer overflow (US Government Resource)
-
http://www.vupen.com/english/advisories/2007/4153
-
http://www.samba.org/samba/security/CVE-2007-6015.html
Samba - Security Announcement Archive (Patch)
-
http://www.debian.org/security/2007/dsa-1427
[SECURITY] [DSA 1427-1] New samba packages fix arbitrary code execution