Vulnerability-Lookup

CVE-2007-6015 (GCVE-0-2007-6015)

Vulnerability from cvelistv5 – Published: 2007-12-13 21:00 – Updated: 2024-08-07 15:54

Summary

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Severity ?

No CVSS data available.

CWE

Assigner

flexera

References

59 references

URL	Tags
http://www.redhat.com/support/errata/RHSA-2007-11…	vendor-advisoryx_refsource_REDHAT
http://docs.info.apple.com/article.html?artnum=307430	x_refsource_CONFIRM
http://lists.vmware.com/pipermail/security-announ…	mailing-listx_refsource_MLIST
http://secunia.com/advisories/28891	third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://secunia.com/advisories/30835	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29341	third-party-advisoryx_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=120524782005154&w=2	vendor-advisoryx_refsource_HP
http://www.kb.cert.org/vuls/id/438395	third-party-advisoryx_refsource_CERT-VN
http://www.securityfocus.com/bid/26791	vdb-entryx_refsource_BID
http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/usn-556-1	vendor-advisoryx_refsource_UBUNTU
http://www.vupen.com/english/advisories/2008/1908	vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0495…	vdb-entryx_refsource_VUPEN
http://marc.info/?l=bugtraq&m=120524782005154&w=2	vendor-advisoryx_refsource_HP
http://www11.itrc.hp.com/service/cki/docDisplay.d…	vendor-advisoryx_refsource_HP
http://secunia.com/advisories/27999	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/485144/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/30484	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29032	third-party-advisoryx_refsource_SECUNIA
http://www.samba.org/samba/security/CVE-2007-6015.html	x_refsource_CONFIRM
http://secunia.com/advisories/27993	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.debian.org/security/2007/dsa-1427	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/archive/1/488457/100…	mailing-listx_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www11.itrc.hp.com/service/cki/docDisplay.d…	vendor-advisoryx_refsource_HP
http://bugs.gentoo.org/show_bug.cgi?id=200773	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/484818/100…	mailing-listx_refsource_BUGTRAQ
http://www.securitytracker.com/id?1019065	vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/27977	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0637	vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/28029	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/4153	vdb-entryx_refsource_VUPEN
http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
http://secunia.com/advisories/28089	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28003	third-party-advisoryx_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1976	x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA08-043B.html	third-party-advisoryx_refsource_CERT
http://www.redhat.com/support/errata/RHSA-2007-11…	vendor-advisoryx_refsource_REDHAT
http://securityreason.com/securityalert/3438	third-party-advisoryx_refsource_SREASON
http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/27894	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/27760	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/1712…	vdb-entryx_refsource_VUPEN
http://secunia.com/secunia_research/2007-99/advisory/	x_refsource_MISC
http://secunia.com/advisories/28067	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/28037	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0859…	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/484825/100…	mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/484827/100…	mailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://secunia.com/advisories/28028	third-party-advisoryx_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://security.gentoo.org/glsa/glsa-200712-10.xml	vendor-advisoryx_refsource_GENTOO

Date Public ?

2007-12-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:54:25.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2007:1117",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1117.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307430"
          },
          {
            "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
          },
          {
            "name": "28891",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28891"
          },
          {
            "name": "1019295",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1"
          },
          {
            "name": "30835",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30835"
          },
          {
            "name": "29341",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29341"
          },
          {
            "name": "HPSBUX02316",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
          },
          {
            "name": "VU#438395",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/438395"
          },
          {
            "name": "26791",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26791"
          },
          {
            "name": "238251",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1"
          },
          {
            "name": "SUSE-SA:2007:068",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_68_samba.html"
          },
          {
            "name": "USN-556-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-556-1"
          },
          {
            "name": "ADV-2008-1908",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1908"
          },
          {
            "name": "ADV-2008-0495",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0495/references"
          },
          {
            "name": "SSRT071495",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
          },
          {
            "name": "HPSBUX02341",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
          },
          {
            "name": "27999",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27999"
          },
          {
            "name": "20071214 POC for samba send_mailslot()",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/485144/100/0/threaded"
          },
          {
            "name": "30484",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30484"
          },
          {
            "name": "29032",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29032"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.samba.org/samba/security/CVE-2007-6015.html"
          },
          {
            "name": "27993",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27993"
          },
          {
            "name": "samba-sendmailslot-bo(38965)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965"
          },
          {
            "name": "DSA-1427",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1427"
          },
          {
            "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
          },
          {
            "name": "MDKSA-2007:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244"
          },
          {
            "name": "SSRT080075",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=200773"
          },
          {
            "name": "20071210 Secunia Research: Samba \"send_mailslot()\" Buffer OverflowVulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484818/100/0/threaded"
          },
          {
            "name": "1019065",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019065"
          },
          {
            "name": "27977",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27977"
          },
          {
            "name": "ADV-2008-0637",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0637"
          },
          {
            "name": "28029",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28029"
          },
          {
            "name": "ADV-2007-4153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/4153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm"
          },
          {
            "name": "28089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28089"
          },
          {
            "name": "28003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1976"
          },
          {
            "name": "TA08-043B",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
          },
          {
            "name": "RHSA-2007:1114",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-1114.html"
          },
          {
            "name": "3438",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3438"
          },
          {
            "name": "SSA:2007-344-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554"
          },
          {
            "name": "FEDORA-2007-4269",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html"
          },
          {
            "name": "FEDORA-2007-4275",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html"
          },
          {
            "name": "27894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27894"
          },
          {
            "name": "APPLE-SA-2008-02-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
          },
          {
            "name": "27760",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27760"
          },
          {
            "name": "ADV-2008-1712",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1712/references"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2007-99/advisory/"
          },
          {
            "name": "28067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28067"
          },
          {
            "name": "28037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28037"
          },
          {
            "name": "ADV-2008-0859",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0859/references"
          },
          {
            "name": "20071210 [SECURITY] Buffer overrun in send_mailslot()",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484825/100/0/threaded"
          },
          {
            "name": "20071210 rPSA-2007-0261-1 samba samba-swat",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/484827/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:11572",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572"
          },
          {
            "name": "28028",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28028"
          },
          {
            "name": "oval:org.mitre.oval:def:5605",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605"
          },
          {
            "name": "GLSA-200712-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200712-10.xml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-12-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "RHSA-2007:1117",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1117.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307430"
        },
        {
          "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
        },
        {
          "name": "28891",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28891"
        },
        {
          "name": "1019295",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1"
        },
        {
          "name": "30835",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30835"
        },
        {
          "name": "29341",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29341"
        },
        {
          "name": "HPSBUX02316",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
        },
        {
          "name": "VU#438395",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/438395"
        },
        {
          "name": "26791",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26791"
        },
        {
          "name": "238251",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1"
        },
        {
          "name": "SUSE-SA:2007:068",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_68_samba.html"
        },
        {
          "name": "USN-556-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-556-1"
        },
        {
          "name": "ADV-2008-1908",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1908"
        },
        {
          "name": "ADV-2008-0495",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0495/references"
        },
        {
          "name": "SSRT071495",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
        },
        {
          "name": "HPSBUX02341",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
        },
        {
          "name": "27999",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27999"
        },
        {
          "name": "20071214 POC for samba send_mailslot()",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/485144/100/0/threaded"
        },
        {
          "name": "30484",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30484"
        },
        {
          "name": "29032",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29032"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.samba.org/samba/security/CVE-2007-6015.html"
        },
        {
          "name": "27993",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27993"
        },
        {
          "name": "samba-sendmailslot-bo(38965)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965"
        },
        {
          "name": "DSA-1427",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1427"
        },
        {
          "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
        },
        {
          "name": "MDKSA-2007:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244"
        },
        {
          "name": "SSRT080075",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=200773"
        },
        {
          "name": "20071210 Secunia Research: Samba \"send_mailslot()\" Buffer OverflowVulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484818/100/0/threaded"
        },
        {
          "name": "1019065",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019065"
        },
        {
          "name": "27977",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27977"
        },
        {
          "name": "ADV-2008-0637",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0637"
        },
        {
          "name": "28029",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28029"
        },
        {
          "name": "ADV-2007-4153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/4153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm"
        },
        {
          "name": "28089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28089"
        },
        {
          "name": "28003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1976"
        },
        {
          "name": "TA08-043B",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
        },
        {
          "name": "RHSA-2007:1114",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-1114.html"
        },
        {
          "name": "3438",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3438"
        },
        {
          "name": "SSA:2007-344-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554"
        },
        {
          "name": "FEDORA-2007-4269",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html"
        },
        {
          "name": "FEDORA-2007-4275",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html"
        },
        {
          "name": "27894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27894"
        },
        {
          "name": "APPLE-SA-2008-02-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
        },
        {
          "name": "27760",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27760"
        },
        {
          "name": "ADV-2008-1712",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1712/references"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2007-99/advisory/"
        },
        {
          "name": "28067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28067"
        },
        {
          "name": "28037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28037"
        },
        {
          "name": "ADV-2008-0859",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0859/references"
        },
        {
          "name": "20071210 [SECURITY] Buffer overrun in send_mailslot()",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484825/100/0/threaded"
        },
        {
          "name": "20071210 rPSA-2007-0261-1 samba samba-swat",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/484827/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:11572",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572"
        },
        {
          "name": "28028",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28028"
        },
        {
          "name": "oval:org.mitre.oval:def:5605",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605"
        },
        {
          "name": "GLSA-200712-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200712-10.xml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2007-6015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2007:1117",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1117.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307430",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307430"
            },
            {
              "name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
            },
            {
              "name": "28891",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28891"
            },
            {
              "name": "1019295",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1"
            },
            {
              "name": "30835",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30835"
            },
            {
              "name": "29341",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29341"
            },
            {
              "name": "HPSBUX02316",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
            },
            {
              "name": "VU#438395",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/438395"
            },
            {
              "name": "26791",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26791"
            },
            {
              "name": "238251",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1"
            },
            {
              "name": "SUSE-SA:2007:068",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_68_samba.html"
            },
            {
              "name": "USN-556-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-556-1"
            },
            {
              "name": "ADV-2008-1908",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1908"
            },
            {
              "name": "ADV-2008-0495",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0495/references"
            },
            {
              "name": "SSRT071495",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
            },
            {
              "name": "HPSBUX02341",
              "refsource": "HP",
              "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
            },
            {
              "name": "27999",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27999"
            },
            {
              "name": "20071214 POC for samba send_mailslot()",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/485144/100/0/threaded"
            },
            {
              "name": "30484",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30484"
            },
            {
              "name": "29032",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29032"
            },
            {
              "name": "http://www.samba.org/samba/security/CVE-2007-6015.html",
              "refsource": "CONFIRM",
              "url": "http://www.samba.org/samba/security/CVE-2007-6015.html"
            },
            {
              "name": "27993",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27993"
            },
            {
              "name": "samba-sendmailslot-bo(38965)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965"
            },
            {
              "name": "DSA-1427",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1427"
            },
            {
              "name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
            },
            {
              "name": "MDKSA-2007:244",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244"
            },
            {
              "name": "SSRT080075",
              "refsource": "HP",
              "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=200773",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=200773"
            },
            {
              "name": "20071210 Secunia Research: Samba \"send_mailslot()\" Buffer OverflowVulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484818/100/0/threaded"
            },
            {
              "name": "1019065",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019065"
            },
            {
              "name": "27977",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27977"
            },
            {
              "name": "ADV-2008-0637",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0637"
            },
            {
              "name": "28029",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28029"
            },
            {
              "name": "ADV-2007-4153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/4153"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm"
            },
            {
              "name": "28089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28089"
            },
            {
              "name": "28003",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28003"
            },
            {
              "name": "https://issues.rpath.com/browse/RPL-1976",
              "refsource": "CONFIRM",
              "url": "https://issues.rpath.com/browse/RPL-1976"
            },
            {
              "name": "TA08-043B",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
            },
            {
              "name": "RHSA-2007:1114",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2007-1114.html"
            },
            {
              "name": "3438",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3438"
            },
            {
              "name": "SSA:2007-344-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554"
            },
            {
              "name": "FEDORA-2007-4269",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html"
            },
            {
              "name": "FEDORA-2007-4275",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html"
            },
            {
              "name": "27894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27894"
            },
            {
              "name": "APPLE-SA-2008-02-11",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
            },
            {
              "name": "27760",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27760"
            },
            {
              "name": "ADV-2008-1712",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1712/references"
            },
            {
              "name": "http://secunia.com/secunia_research/2007-99/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2007-99/advisory/"
            },
            {
              "name": "28067",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28067"
            },
            {
              "name": "28037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28037"
            },
            {
              "name": "ADV-2008-0859",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0859/references"
            },
            {
              "name": "20071210 [SECURITY] Buffer overrun in send_mailslot()",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484825/100/0/threaded"
            },
            {
              "name": "20071210 rPSA-2007-0261-1 samba samba-swat",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/484827/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:11572",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572"
            },
            {
              "name": "28028",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28028"
            },
            {
              "name": "oval:org.mitre.oval:def:5605",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605"
            },
            {
              "name": "GLSA-200712-10",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200712-10.xml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2007-6015",
    "datePublished": "2007-12-13T21:00:00.000Z",
    "dateReserved": "2007-11-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T15:54:25.651Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2007-6015",
      "date": "2026-05-19",
      "epss": "0.48861",
      "percentile": "0.978"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76D03B96-8FF3-4FC6-BC38-288F3ADBA9BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDF2248C-5A71-49FC-88F4-2D1F376155FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4FD10B2-ED2D-4F55-8F0E-77429C8A716E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8F15704-2F2B-4536-A2A0-510B5CE91D09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93AF43FA-9947-4F26-96E8-1D77BF909AA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4A46D8D-1535-400B-B1CD-AA2685F4164D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CB46ABA-F403-4715-915D-870BD221C8FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFD51F01-B47A-47F5-8798-2EB53EB17297\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C127A2E6-F94F-41D5-82AA-60C0190186BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61291A4C-28A3-433B-80D2-005976851882\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65AC9643-E1A5-4013-9607-17C6CC7CC63B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"090E2541-2DBA-41CB-A792-9E703C797949\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19F65FF3-71F8-4278-A823-A6E0FF65D9F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C71CB60-2689-4A4A-9509-E2F3135E6491\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0129E404-3AE8-4F0E-89CB-7F2FA5B47011\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"614547F5-9C3F-489B-9B72-91B0FF646CCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A052141C-874D-4ED0-99FB-D7468FACFC6E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9739EA65-9FA8-425E-B355-E690773D5B1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B618F94-DAC2-4A97-9F7F-8BCEA3199769\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEE7C057-B024-4417-B572-5D396366620E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DC3500-F8F0-46E1-B0AA-C2474CCB3DAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFCD334C-FB95-41A6-8F4C-FCC4E70CE930\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"75C86202-3150-440C-B048-BB039E9D3606\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98CAF474-0C3A-4E49-8CF8-9DF14D84CDCC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C92304DE-CFBB-4C03-AA7F-54DB3C14ECF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:2.2.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04F39AA5-9048-4EE9-B0F2-CE679C673F0E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F84FB25B-5EA5-48DC-B528-E8CCF714C919\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"216145B7-4716-42F7-90DC-03884ECB2271\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"898968E5-577E-4B86-A804-EBEC67157A61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"920EF846-41D1-429D-AF0F-3D7950F93069\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13E6C8A4-FA17-44EF-A447-C73108540B59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"57D5EA00-CC2E-4E56-8297-A3C1CEDBBE06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"50E05AD3-C7F0-421D-8C9B-604E553332E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A53517C-F12D-4D74-A722-5AE23598CEC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BF4A0A7-E176-4009-BAA2-E23B330D91A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42EB6115-CC45-4464-8400-D7E3A9402803\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F002F105-A911-4E56-8630-C287DC527E05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1936E19-9887-4E53-AA0C-738ABD4B97EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2206C09-6A4B-4EC4-A206-E48EDF966913\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B918306-8743-404D-A035-CC3997ADCC3C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43684906-D3AA-40FB-A75D-ED65C1DC9BB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62E39538-4811-49DB-97CF-1F018C58BAE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C85D69FE-AF43-4B0E-A7A9-2D2C16426180\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86347948-C08F-4F02-89A0-4F4A55CD4BA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CA7905C-51A0-4A56-A6A5-330288613055\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AE85033-0658-4D60-8C7A-6E2BD63AFDCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4600AAA4-834D-4F63-8E9A-88CB555C029E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BFA3B82-9440-49E1-8088-FA22C0B7DD88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0762B1DA-7232-478D-805F-5E2A50F8BEAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F22FC74-5999-4158-A253-674BF1C21E2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0EEB31C4-5352-4905-8D9E-BD754991F07E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0BE2AEC-6ACD-422C-AD20-6C034D68C891\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"101163D7-D440-43CC-8704-A9614CD8CEE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0E4811D-3387-4838-94A0-1BD7F3C9C3D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B69EA9CF-627C-4600-B4EC-10E91DB07E1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AF740A1-0BEC-4E29-9C74-F1F906EF3EC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99A8D6D8-A207-498F-8DB2-EB7ED842CE1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70BB5BA1-F499-40FC-80F6-B3CD2F1BB074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A973443-C497-41FB-AF47-529AA2906CCF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BEE83D0-8377-49FB-AC7D-3B5E9DB6918B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \\\"domain logons\\\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en pila en la funci\\u00f3n send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opci\\u00f3n \\\"inicios de sesi\\u00f3n de dominio\\\" est\\u00e1 habilitada, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante una petici\\u00f3n de ranura de buz\\u00f3n GETDC compuesta de una cadena larga GETDC a la que sigue un nombre de usuario en una petici\\u00f3n de inicio de sesi\\u00f3n SAMLOGON.\"}]",
      "id": "CVE-2007-6015",
      "lastModified": "2024-11-21T00:39:11.057",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-12-13T21:46:00.000",
      "references": "[{\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=200773\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=307430\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2008/000005.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/27760\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27894\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/27977\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/27993\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/27999\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28003\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28028\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28029\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28037\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28067\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28089\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/28891\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/29032\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/29341\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/30484\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/30835\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/secunia_research/2007-99/advisory/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200712-10.xml\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://securityreason.com/securityalert/3438\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1427\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/438395\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:244\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_68_samba.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-1114.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-1117.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.samba.org/samba/security/CVE-2007-6015.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/484818/100/0/threaded\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484825/100/0/threaded\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484827/100/0/threaded\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/485144/100/0/threaded\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488457/100/0/threaded\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/bid/26791\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securitytracker.com/id?1019065\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-556-1\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-043B.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4153\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0495/references\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0637\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0859/references\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1712/references\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1908\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38965\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-1976\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=200773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://docs.info.apple.com/article.html?artnum=307430\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.vmware.com/pipermail/security-announce/2008/000005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27760\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27894\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27977\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27993\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28003\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28028\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28029\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28037\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28089\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28891\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29032\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29341\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30484\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/30835\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/secunia_research/2007-99/advisory/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200712-10.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securityreason.com/securityalert/3438\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1427\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/438395\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2007:244\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_68_samba.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-1114.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-1117.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.samba.org/samba/security/CVE-2007-6015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/484818/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484825/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/484827/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/485144/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488457/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26791\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019065\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-556-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA08-043B.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/4153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0495/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0637\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0859/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1712/references\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/1908\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38965\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-1976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-6015\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2007-12-13T21:46:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \\\"domain logons\\\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opci\u00f3n \\\"inicios de sesi\u00f3n de dominio\\\" est\u00e1 habilitada, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n de ranura de buz\u00f3n GETDC compuesta de una cadena larga GETDC a la que sigue un nombre de usuario en una petici\u00f3n de inicio de sesi\u00f3n SAMLOGON.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76D03B96-8FF3-4FC6-BC38-288F3ADBA9BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDF2248C-5A71-49FC-88F4-2D1F376155FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4FD10B2-ED2D-4F55-8F0E-77429C8A716E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8F15704-2F2B-4536-A2A0-510B5CE91D09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93AF43FA-9947-4F26-96E8-1D77BF909AA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A46D8D-1535-400B-B1CD-AA2685F4164D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CB46ABA-F403-4715-915D-870BD221C8FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFD51F01-B47A-47F5-8798-2EB53EB17297\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C127A2E6-F94F-41D5-82AA-60C0190186BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61291A4C-28A3-433B-80D2-005976851882\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65AC9643-E1A5-4013-9607-17C6CC7CC63B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090E2541-2DBA-41CB-A792-9E703C797949\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19F65FF3-71F8-4278-A823-A6E0FF65D9F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C71CB60-2689-4A4A-9509-E2F3135E6491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0129E404-3AE8-4F0E-89CB-7F2FA5B47011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"614547F5-9C3F-489B-9B72-91B0FF646CCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A052141C-874D-4ED0-99FB-D7468FACFC6E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9739EA65-9FA8-425E-B355-E690773D5B1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B618F94-DAC2-4A97-9F7F-8BCEA3199769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEE7C057-B024-4417-B572-5D396366620E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DC3500-F8F0-46E1-B0AA-C2474CCB3DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFCD334C-FB95-41A6-8F4C-FCC4E70CE930\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75C86202-3150-440C-B048-BB039E9D3606\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98CAF474-0C3A-4E49-8CF8-9DF14D84CDCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C92304DE-CFBB-4C03-AA7F-54DB3C14ECF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:2.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04F39AA5-9048-4EE9-B0F2-CE679C673F0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F84FB25B-5EA5-48DC-B528-E8CCF714C919\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"216145B7-4716-42F7-90DC-03884ECB2271\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"898968E5-577E-4B86-A804-EBEC67157A61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"920EF846-41D1-429D-AF0F-3D7950F93069\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13E6C8A4-FA17-44EF-A447-C73108540B59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57D5EA00-CC2E-4E56-8297-A3C1CEDBBE06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50E05AD3-C7F0-421D-8C9B-604E553332E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A53517C-F12D-4D74-A722-5AE23598CEC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BF4A0A7-E176-4009-BAA2-E23B330D91A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42EB6115-CC45-4464-8400-D7E3A9402803\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F002F105-A911-4E56-8630-C287DC527E05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1936E19-9887-4E53-AA0C-738ABD4B97EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2206C09-6A4B-4EC4-A206-E48EDF966913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B918306-8743-404D-A035-CC3997ADCC3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43684906-D3AA-40FB-A75D-ED65C1DC9BB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62E39538-4811-49DB-97CF-1F018C58BAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C85D69FE-AF43-4B0E-A7A9-2D2C16426180\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86347948-C08F-4F02-89A0-4F4A55CD4BA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CA7905C-51A0-4A56-A6A5-330288613055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AE85033-0658-4D60-8C7A-6E2BD63AFDCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4600AAA4-834D-4F63-8E9A-88CB555C029E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BFA3B82-9440-49E1-8088-FA22C0B7DD88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0762B1DA-7232-478D-805F-5E2A50F8BEAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F22FC74-5999-4158-A253-674BF1C21E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EEB31C4-5352-4905-8D9E-BD754991F07E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0BE2AEC-6ACD-422C-AD20-6C034D68C891\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"101163D7-D440-43CC-8704-A9614CD8CEE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E4811D-3387-4838-94A0-1BD7F3C9C3D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B69EA9CF-627C-4600-B4EC-10E91DB07E1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF740A1-0BEC-4E29-9C74-F1F906EF3EC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99A8D6D8-A207-498F-8DB2-EB7ED842CE1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70BB5BA1-F499-40FC-80F6-B3CD2F1BB074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A973443-C497-41FB-AF47-529AA2906CCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BEE83D0-8377-49FB-AC7D-3B5E9DB6918B\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=200773\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307430\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000005.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/27760\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27894\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/27977\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/27993\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/27999\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28003\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28028\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28029\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28037\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28067\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28089\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/28891\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/29032\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/29341\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30484\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/30835\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/secunia_research/2007-99/advisory/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200712-10.xml\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://securityreason.com/securityalert/3438\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1427\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/438395\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:244\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_68_samba.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-1114.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-1117.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.samba.org/samba/security/CVE-2007-6015.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/484818/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/484825/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/484827/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/485144/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/488457/100/0/threaded\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/bid/26791\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securitytracker.com/id?1019065\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-556-1\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-043B.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/4153\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0495/references\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0637\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0859/references\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1712/references\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1908\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38965\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1976\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=200773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307430\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2008/000005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27760\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27894\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27977\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27993\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28028\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28089\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30484\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/30835\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/secunia_research/2007-99/advisory/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200712-10.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/3438\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/438395\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2007:244\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_68_samba.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-1114.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-1117.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.samba.org/samba/security/CVE-2007-6015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/archive/1/484818/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484825/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/484827/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/485144/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/488457/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26791\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019065\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-556-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA08-043B.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/4153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0495/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0859/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1712/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/1908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38965\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-1976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-502

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité dans la construction de réponses d'un serveur Samba à des requêtes Netbios permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Une autre vulnérabilité, exploitable uniquement si le serveur Samba sert de contrôleur de domaine primaire ou secondaire, permet également à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Samba, versions 3.0.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité de Samba du 15 novembre 2007	None	vendor-advisory
Bulletin de sécurité Gentoo GLSA 200711-29 du 20 novembre 2007 :	-	other
Bulletin de sécurité Fedora 3402 du 15 novembre 2007 :	-	other
Bulletin de sécurité Debian DSA-1409 du 29 novembre 2007 :	-	other
Bulletin du projet Samba du 15 novembre 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:1013 du 15 novembre 2007 :	-	other
Bulletin de sécurité HP-UX HPSBUX02316 du 10 mars 2008 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:224-1 du 21 novembre 2007 :	-	other
Bulletin de sécurité Ubuntu USN-544-1 du 15 novembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSamba, versions 3.0.x.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la construction de r\u00e9ponses d\u0027un serveur Samba \u00e0\ndes requ\u00eates Netbios permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n\nUne autre vuln\u00e9rabilit\u00e9, exploitable uniquement si le serveur Samba sert\nde contr\u00f4leur de domaine primaire ou secondaire, permet \u00e9galement \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2007-5398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5398"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200711-29 du 20 novembre    2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora 3402 du 15 novembre 2007 :",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1409 du 29 novembre 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1409"
    },
    {
      "title": "Bulletin du projet Samba du 15 novembre 2007 :",
      "url": "http://us1.samba.org/samba/history/security.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:1013 du 15 novembre    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-1013.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX HPSBUX02316 du 10 mars 2008 :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01377687"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:224-1 du 21    novembre 2007 :",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:224-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-544-1 du 15 novembre 2007 :",
      "url": "http://www.ubuntulinux.org/usn/usn-544-1"
    }
  ],
  "reference": "CERTA-2007-AVI-502",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-16T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva, Gentoo et Debian.",
      "revision_date": "2007-11-30T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP-UX.",
      "revision_date": "2008-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Samba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Samba du 15 novembre 2007",
      "url": null
    }
  ]
}

CERTA-2008-AVI-068

Vulnerability from certfr_avis - Published: - Updated:

None

Description

De nombreuses vulnérabilités découvertes dans le système d'exploitation Apple Mac OS X permettent à un utilisateur malintentionné de porter atteinte à la confidentialité des données, de contourner la politique de sécurité, de provoquer un déni de service, d'élever ses privilèges et d'éxécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server v10.4.11 ;
N/A	N/A	Mac OS X Server v10.5.1.
N/A	N/A	Mac OS X Server v10.5 ;
N/A	N/A	Mac OS X v10.5 ;
N/A	N/A	Mac OS X v10.4.11 ;
N/A	N/A	Mac OS X v10.5.1 ;

References

Title

Publication Time

Tags

Bulletin de scurit Apple 307430 du 12 fvrier 2008	None	vendor-advisory
Bulletin de sécurité Apple 307430 du 12 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server v10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.5.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X v10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X v10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X v10.5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans le syst\u00e8me d\u0027exploitation\nApple Mac OS X permettent \u00e0 un utilisateur malintentionn\u00e9 de porter\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, de contourner la politique de\ns\u00e9curit\u00e9, de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses privil\u00e8ges et\nd\u0027\u00e9x\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2008-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0042"
    },
    {
      "name": "CVE-2008-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0041"
    },
    {
      "name": "CVE-2008-0038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0038"
    },
    {
      "name": "CVE-2008-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0037"
    },
    {
      "name": "CVE-2008-0035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0035"
    },
    {
      "name": "CVE-2008-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0040"
    },
    {
      "name": "CVE-2008-0039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0039"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307430 du 12 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307430"
    }
  ],
  "reference": "CERTA-2008-AVI-068",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de scurit Apple 307430 du 12 fvrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-103

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans VMware ESX Server permettent à une personne malintentionnée d'élever ses privilèges, d'atteindre à la confidentialité des données, d'exécuter du code arbitraire ou de provoquer un déni de service.

Description

Plusieurs vulnérabilités dans VMware ESX Server ont été découvertes :

une erreur dans le pilote aacraid SCSI permet à un utilisateur local de provoquer un déni de service ou une élévation de privilèges ;
une vulnérabilité dans Samba permet à une personne malveillante ayant accès à la console de service de provoquer un déni de service ou d'exécuter du code arbitraire à distance ;
plusieurs vunérabilités dans le module python permettent de provoquer un déni de service, d'exécuter du code arbitraire ou d'atteindre à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de VMware pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX Server 2.x ;
	VMware	N/A	VMware ESX Server 3.x.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0003 du 04 février 2008	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2008-0003 du 04 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans VMware ESX Server ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   une erreur dans le pilote aacraid SCSI permet \u00e0 un utilisateur local\n    de provoquer un d\u00e9ni de service ou une \u00e9l\u00e9vation de privil\u00e8ges ;\n-   une vuln\u00e9rabilit\u00e9 dans Samba permet \u00e0 une personne malveillante\n    ayant acc\u00e8s \u00e0 la console de service de provoquer un d\u00e9ni de service\n    ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ;\n-   plusieurs vun\u00e9rabilit\u00e9s dans le module python permettent de\n    provoquer un d\u00e9ni de service, d\u0027ex\u00e9cuter du code arbitraire ou\n    d\u0027atteindre \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de VMware pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2006-7228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7228"
    },
    {
      "name": "CVE-2007-4308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4308"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0003 du 04 f\u00e9vrier    2008 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0003.html"
    }
  ],
  "reference": "CERTA-2008-AVI-103",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-22T00:00:00.000000"
    },
    {
      "description": "correction du lien vers le bulletin de s\u00e9curit\u00e9 VMware.",
      "revision_date": "2008-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans VMware ESX Server permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027\u00e9lever ses privil\u00e8ges, d\u0027atteindre \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, d\u0027ex\u00e9cuter du code arbitraire ou de\nprovoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0003 du 04 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-337

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de HP-UX CIFS Server permettent d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités liées à Samba et détaillées dans les avis du CERTA CERTA-2007-AVI-502 et CERTA-2008-AVI-276 permettent à un individu malveillant d'exécuter à distance du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CIFS Server versions vA.02.03.x antérieures à vA.02.03.04.
N/A	N/A	CIFS Server versions vA.02.02.x ;
N/A	N/A	CIFS Server versions vA.02.01.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité HP-UX c01475657 du 23 juin 2008	None	vendor-advisory
Bulletin de sécurité HP c01475657 du 23 juin 2008 :	-	other
Document du CERTA CERTA-2007-AVI-502 du 16 novembre 2007 :	-	other
Document du CERTA CERTA-2008-AVI-276 du 29 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CIFS Server versions vA.02.03.x ant\u00e9rieures \u00e0 vA.02.03.04.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CIFS Server versions vA.02.02.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CIFS Server versions vA.02.01.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s li\u00e9es \u00e0 Samba et d\u00e9taill\u00e9es dans les avis du CERTA\nCERTA-2007-AVI-502 et CERTA-2008-AVI-276 permettent \u00e0 un individu\nmalveillant d\u0027ex\u00e9cuter \u00e0 distance du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2008-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1105"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01475657 du 23 juin 2008 :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01475657"
    },
    {
      "title": "Document du CERTA CERTA-2007-AVI-502 du 16 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-502/index.html"
    },
    {
      "title": "Document du CERTA CERTA-2008-AVI-276 du 29 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-276/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-337",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eHP-UX CIFS\nServer\u003c/span\u003e permettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s du serveur CIFS de HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c01475657 du 23 juin 2008",
      "url": null
    }
  ]
}

CERTA-2007-AVI-502

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité dans la construction de réponses d'un serveur Samba à des requêtes Netbios permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Samba, versions 3.0.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité de Samba du 15 novembre 2007	None	vendor-advisory
Bulletin de sécurité Gentoo GLSA 200711-29 du 20 novembre 2007 :	-	other
Bulletin de sécurité Fedora 3402 du 15 novembre 2007 :	-	other
Bulletin de sécurité Debian DSA-1409 du 29 novembre 2007 :	-	other
Bulletin du projet Samba du 15 novembre 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:1013 du 15 novembre 2007 :	-	other
Bulletin de sécurité HP-UX HPSBUX02316 du 10 mars 2008 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:224-1 du 21 novembre 2007 :	-	other
Bulletin de sécurité Ubuntu USN-544-1 du 15 novembre 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSamba, versions 3.0.x.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la construction de r\u00e9ponses d\u0027un serveur Samba \u00e0\ndes requ\u00eates Netbios permet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n\nUne autre vuln\u00e9rabilit\u00e9, exploitable uniquement si le serveur Samba sert\nde contr\u00f4leur de domaine primaire ou secondaire, permet \u00e9galement \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2007-5398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5398"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200711-29 du 20 novembre    2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora 3402 du 15 novembre 2007 :",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1409 du 29 novembre 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1409"
    },
    {
      "title": "Bulletin du projet Samba du 15 novembre 2007 :",
      "url": "http://us1.samba.org/samba/history/security.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:1013 du 15 novembre    2007 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-1013.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX HPSBUX02316 du 10 mars 2008 :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01377687"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:224-1 du 21    novembre 2007 :",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:224-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-544-1 du 15 novembre 2007 :",
      "url": "http://www.ubuntulinux.org/usn/usn-544-1"
    }
  ],
  "reference": "CERTA-2007-AVI-502",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-16T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva, Gentoo et Debian.",
      "revision_date": "2007-11-30T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP-UX.",
      "revision_date": "2008-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Samba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 de Samba du 15 novembre 2007",
      "url": null
    }
  ]
}

CERTA-2008-AVI-068

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X Server v10.4.11 ;
N/A	N/A	Mac OS X Server v10.5.1.
N/A	N/A	Mac OS X Server v10.5 ;
N/A	N/A	Mac OS X v10.5 ;
N/A	N/A	Mac OS X v10.4.11 ;
N/A	N/A	Mac OS X v10.5.1 ;

References

Title

Publication Time

Tags

Bulletin de scurit Apple 307430 du 12 fvrier 2008	None	vendor-advisory
Bulletin de sécurité Apple 307430 du 12 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X Server v10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.5.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server v10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X v10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X v10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X v10.5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans le syst\u00e8me d\u0027exploitation\nApple Mac OS X permettent \u00e0 un utilisateur malintentionn\u00e9 de porter\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, de contourner la politique de\ns\u00e9curit\u00e9, de provoquer un d\u00e9ni de service, d\u0027\u00e9lever ses privil\u00e8ges et\nd\u0027\u00e9x\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2008-0042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0042"
    },
    {
      "name": "CVE-2008-0041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0041"
    },
    {
      "name": "CVE-2008-0038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0038"
    },
    {
      "name": "CVE-2008-0037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0037"
    },
    {
      "name": "CVE-2008-0035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0035"
    },
    {
      "name": "CVE-2008-0040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0040"
    },
    {
      "name": "CVE-2008-0039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0039"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307430 du 12 f\u00e9vrier 2008 :",
      "url": "http://docs.info.apple.com/article.html?artnum=307430"
    }
  ],
  "reference": "CERTA-2008-AVI-068",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de scurit Apple 307430 du 12 fvrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-103

Vulnerability from certfr_avis - Published: - Updated:

Description

Plusieurs vulnérabilités dans VMware ESX Server ont été découvertes :

une erreur dans le pilote aacraid SCSI permet à un utilisateur local de provoquer un déni de service ou une élévation de privilèges ;
une vulnérabilité dans Samba permet à une personne malveillante ayant accès à la console de service de provoquer un déni de service ou d'exécuter du code arbitraire à distance ;
plusieurs vunérabilités dans le module python permettent de provoquer un déni de service, d'exécuter du code arbitraire ou d'atteindre à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de VMware pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX Server 2.x ;
	VMware	N/A	VMware ESX Server 3.x.

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2008-0003 du 04 février 2008	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2008-0003 du 04 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX Server 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX Server 3.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s dans VMware ESX Server ont \u00e9t\u00e9 d\u00e9couvertes :\n\n-   une erreur dans le pilote aacraid SCSI permet \u00e0 un utilisateur local\n    de provoquer un d\u00e9ni de service ou une \u00e9l\u00e9vation de privil\u00e8ges ;\n-   une vuln\u00e9rabilit\u00e9 dans Samba permet \u00e0 une personne malveillante\n    ayant acc\u00e8s \u00e0 la console de service de provoquer un d\u00e9ni de service\n    ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ;\n-   plusieurs vun\u00e9rabilit\u00e9s dans le module python permettent de\n    provoquer un d\u00e9ni de service, d\u0027ex\u00e9cuter du code arbitraire ou\n    d\u0027atteindre \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de VMware pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2006-7228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7228"
    },
    {
      "name": "CVE-2007-4308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4308"
    },
    {
      "name": "CVE-2007-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2052"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0003 du 04 f\u00e9vrier    2008 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2008-0003.html"
    }
  ],
  "reference": "CERTA-2008-AVI-103",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-22T00:00:00.000000"
    },
    {
      "description": "correction du lien vers le bulletin de s\u00e9curit\u00e9 VMware.",
      "revision_date": "2008-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans VMware ESX Server permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027\u00e9lever ses privil\u00e8ges, d\u0027atteindre \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, d\u0027ex\u00e9cuter du code arbitraire ou de\nprovoquer un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2008-0003 du 04 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-337

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités de HP-UX CIFS Server permettent d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités liées à Samba et détaillées dans les avis du CERTA CERTA-2007-AVI-502 et CERTA-2008-AVI-276 permettent à un individu malveillant d'exécuter à distance du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CIFS Server versions vA.02.03.x antérieures à vA.02.03.04.
N/A	N/A	CIFS Server versions vA.02.02.x ;
N/A	N/A	CIFS Server versions vA.02.01.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité HP-UX c01475657 du 23 juin 2008	None	vendor-advisory
Bulletin de sécurité HP c01475657 du 23 juin 2008 :	-	other
Document du CERTA CERTA-2007-AVI-502 du 16 novembre 2007 :	-	other
Document du CERTA CERTA-2008-AVI-276 du 29 mai 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CIFS Server versions vA.02.03.x ant\u00e9rieures \u00e0 vA.02.03.04.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CIFS Server versions vA.02.02.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CIFS Server versions vA.02.01.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s li\u00e9es \u00e0 Samba et d\u00e9taill\u00e9es dans les avis du CERTA\nCERTA-2007-AVI-502 et CERTA-2008-AVI-276 permettent \u00e0 un individu\nmalveillant d\u0027ex\u00e9cuter \u00e0 distance du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-6015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6015"
    },
    {
      "name": "CVE-2008-1105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1105"
    },
    {
      "name": "CVE-2007-4572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4572"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c01475657 du 23 juin 2008 :",
      "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c01475657"
    },
    {
      "title": "Document du CERTA CERTA-2007-AVI-502 du 16 novembre 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-AVI-502/index.html"
    },
    {
      "title": "Document du CERTA CERTA-2008-AVI-276 du 29 mai 2008 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2008-AVI-276/index.html"
    }
  ],
  "reference": "CERTA-2008-AVI-337",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eHP-UX CIFS\nServer\u003c/span\u003e permettent d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s du serveur CIFS de HP-UX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP-UX c01475657 du 23 juin 2008",
      "url": null
    }
  ]
}

FKIE_CVE-2007-6015

Vulnerability from fkie_nvd - Published: 2007-12-13 21:46 - Updated: 2026-04-23 00:35

Severity ?

Summary

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://bugs.gentoo.org/show_bug.cgi?id=200773
PSIRT-CNA@flexerasoftware.com	http://docs.info.apple.com/article.html?artnum=307430
PSIRT-CNA@flexerasoftware.com	http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
PSIRT-CNA@flexerasoftware.com	http://lists.vmware.com/pipermail/security-announce/2008/000005.html
PSIRT-CNA@flexerasoftware.com	http://marc.info/?l=bugtraq&m=120524782005154&w=2
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27760	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27894
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27977
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27993
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/27999
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28003
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28028
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28029
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28037
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28067
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28089
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/28891
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/29032
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/29341
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/30484
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/30835
PSIRT-CNA@flexerasoftware.com	http://secunia.com/secunia_research/2007-99/advisory/	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://security.gentoo.org/glsa/glsa-200712-10.xml
PSIRT-CNA@flexerasoftware.com	http://securityreason.com/securityalert/3438
PSIRT-CNA@flexerasoftware.com	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554
PSIRT-CNA@flexerasoftware.com	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1
PSIRT-CNA@flexerasoftware.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1
PSIRT-CNA@flexerasoftware.com	http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
PSIRT-CNA@flexerasoftware.com	http://www.debian.org/security/2007/dsa-1427
PSIRT-CNA@flexerasoftware.com	http://www.kb.cert.org/vuls/id/438395	US Government Resource
PSIRT-CNA@flexerasoftware.com	http://www.mandriva.com/security/advisories?name=MDKSA-2007:244
PSIRT-CNA@flexerasoftware.com	http://www.novell.com/linux/security/advisories/2007_68_samba.html
PSIRT-CNA@flexerasoftware.com	http://www.redhat.com/support/errata/RHSA-2007-1114.html	Patch
PSIRT-CNA@flexerasoftware.com	http://www.redhat.com/support/errata/RHSA-2007-1117.html
PSIRT-CNA@flexerasoftware.com	http://www.samba.org/samba/security/CVE-2007-6015.html	Patch
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/484818/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/484825/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/484827/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/485144/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/archive/1/488457/100/0/threaded
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/26791
PSIRT-CNA@flexerasoftware.com	http://www.securitytracker.com/id?1019065
PSIRT-CNA@flexerasoftware.com	http://www.ubuntu.com/usn/usn-556-1
PSIRT-CNA@flexerasoftware.com	http://www.us-cert.gov/cas/techalerts/TA08-043B.html	US Government Resource
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2007/4153
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/0495/references
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/0637
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/0859/references
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1712/references
PSIRT-CNA@flexerasoftware.com	http://www.vupen.com/english/advisories/2008/1908
PSIRT-CNA@flexerasoftware.com	http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38965
PSIRT-CNA@flexerasoftware.com	https://issues.rpath.com/browse/RPL-1976
PSIRT-CNA@flexerasoftware.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572
PSIRT-CNA@flexerasoftware.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605
PSIRT-CNA@flexerasoftware.com	https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html
PSIRT-CNA@flexerasoftware.com	https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html
af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=200773
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307430
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2008/000005.html
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=120524782005154&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27760	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27894
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27977
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27993
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27999
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28003
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28028
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28029
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28037
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28067
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28089
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/28891
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29032
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29341
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30484
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30835
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2007-99/advisory/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200712-10.xml
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/3438
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1427
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/438395	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2007:244
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_68_samba.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-1114.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2007-1117.html
af854a3a-2127-422b-91ae-364da2661108	http://www.samba.org/samba/security/CVE-2007-6015.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484818/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484825/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/484827/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/485144/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/488457/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26791
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019065
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-556-1
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA08-043B.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/4153
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0495/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0637
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0859/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1712/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1908
af854a3a-2127-422b-91ae-364da2661108	http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38965
af854a3a-2127-422b-91ae-364da2661108	https://issues.rpath.com/browse/RPL-1976
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html

Impacted products

Vendor	Product	Version
samba	samba	2.0.1
samba	samba	2.0.2
samba	samba	2.0.3
samba	samba	2.0.4
samba	samba	2.0.5
samba	samba	2.0.6
samba	samba	2.0.7
samba	samba	2.0.8
samba	samba	2.0.9
samba	samba	2.0.10
samba	samba	2.2.0
samba	samba	2.2.0a
samba	samba	2.2.1a
samba	samba	2.2.2
samba	samba	2.2.3
samba	samba	2.2.3a
samba	samba	2.2.4
samba	samba	2.2.5
samba	samba	2.2.6
samba	samba	2.2.7
samba	samba	2.2.7a
samba	samba	2.2.8
samba	samba	2.2.8a
samba	samba	2.2.9
samba	samba	2.2.11
samba	samba	2.2.12
samba	samba	3.0.0
samba	samba	3.0.1
samba	samba	3.0.2
samba	samba	3.0.2a
samba	samba	3.0.10
samba	samba	3.0.11
samba	samba	3.0.12
samba	samba	3.0.13
samba	samba	3.0.14
samba	samba	3.0.14a
samba	samba	3.0.20
samba	samba	3.0.20a
samba	samba	3.0.20b
samba	samba	3.0.21
samba	samba	3.0.21a
samba	samba	3.0.21b
samba	samba	3.0.21c
samba	samba	3.0.22
samba	samba	3.0.23a
samba	samba	3.0.23b
samba	samba	3.0.23c
samba	samba	3.0.23d
samba	samba	3.0.24
samba	samba	3.0.25
samba	samba	3.0.25
samba	samba	3.0.25
samba	samba	3.0.25
samba	samba	3.0.25
samba	samba	3.0.25
samba	samba	3.0.25a
samba	samba	3.0.25b
samba	samba	3.0.25c
samba	samba	3.0.26
samba	samba	3.0.26a
samba	samba	3.0.27

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "76D03B96-8FF3-4FC6-BC38-288F3ADBA9BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF2248C-5A71-49FC-88F4-2D1F376155FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4FD10B2-ED2D-4F55-8F0E-77429C8A716E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F15704-2F2B-4536-A2A0-510B5CE91D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "93AF43FA-9947-4F26-96E8-1D77BF909AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A46D8D-1535-400B-B1CD-AA2685F4164D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CB46ABA-F403-4715-915D-870BD221C8FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD51F01-B47A-47F5-8798-2EB53EB17297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C127A2E6-F94F-41D5-82AA-60C0190186BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "61291A4C-28A3-433B-80D2-005976851882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65AC9643-E1A5-4013-9607-17C6CC7CC63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "090E2541-2DBA-41CB-A792-9E703C797949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F65FF3-71F8-4278-A823-A6E0FF65D9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C71CB60-2689-4A4A-9509-E2F3135E6491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0129E404-3AE8-4F0E-89CB-7F2FA5B47011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "614547F5-9C3F-489B-9B72-91B0FF646CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A052141C-874D-4ED0-99FB-D7468FACFC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9739EA65-9FA8-425E-B355-E690773D5B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B618F94-DAC2-4A97-9F7F-8BCEA3199769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE7C057-B024-4417-B572-5D396366620E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "34DC3500-F8F0-46E1-B0AA-C2474CCB3DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFCD334C-FB95-41A6-8F4C-FCC4E70CE930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C86202-3150-440C-B048-BB039E9D3606",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "98CAF474-0C3A-4E49-8CF8-9DF14D84CDCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C92304DE-CFBB-4C03-AA7F-54DB3C14ECF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:2.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "04F39AA5-9048-4EE9-B0F2-CE679C673F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F84FB25B-5EA5-48DC-B528-E8CCF714C919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "216145B7-4716-42F7-90DC-03884ECB2271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "898968E5-577E-4B86-A804-EBEC67157A61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "920EF846-41D1-429D-AF0F-3D7950F93069",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E6C8A4-FA17-44EF-A447-C73108540B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D5EA00-CC2E-4E56-8297-A3C1CEDBBE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "50E05AD3-C7F0-421D-8C9B-604E553332E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A53517C-F12D-4D74-A722-5AE23598CEC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BF4A0A7-E176-4009-BAA2-E23B330D91A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EB6115-CC45-4464-8400-D7E3A9402803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F002F105-A911-4E56-8630-C287DC527E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1936E19-9887-4E53-AA0C-738ABD4B97EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2206C09-6A4B-4EC4-A206-E48EDF966913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B918306-8743-404D-A035-CC3997ADCC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*",
              "matchCriteriaId": "43684906-D3AA-40FB-A75D-ED65C1DC9BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E39538-4811-49DB-97CF-1F018C58BAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85D69FE-AF43-4B0E-A7A9-2D2C16426180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "86347948-C08F-4F02-89A0-4F4A55CD4BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA7905C-51A0-4A56-A6A5-330288613055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE85033-0658-4D60-8C7A-6E2BD63AFDCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*",
              "matchCriteriaId": "4600AAA4-834D-4F63-8E9A-88CB555C029E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFA3B82-9440-49E1-8088-FA22C0B7DD88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "0762B1DA-7232-478D-805F-5E2A50F8BEAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*",
              "matchCriteriaId": "9F22FC74-5999-4158-A253-674BF1C21E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*",
              "matchCriteriaId": "0EEB31C4-5352-4905-8D9E-BD754991F07E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B0BE2AEC-6ACD-422C-AD20-6C034D68C891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "101163D7-D440-43CC-8704-A9614CD8CEE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "F0E4811D-3387-4838-94A0-1BD7F3C9C3D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69EA9CF-627C-4600-B4EC-10E91DB07E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF740A1-0BEC-4E29-9C74-F1F906EF3EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.25c:*:*:*:*:*:*:*",
              "matchCriteriaId": "99A8D6D8-A207-498F-8DB2-EB7ED842CE1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BB5BA1-F499-40FC-80F6-B3CD2F1BB074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.26a:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A973443-C497-41FB-AF47-529AA2906CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BEE83D0-8377-49FB-AC7D-3B5E9DB6918B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n send_mailslot de nmbd en Samba 3.0.0 hasta 3.0.27a, cuando la opci\u00f3n \"inicios de sesi\u00f3n de dominio\" est\u00e1 habilitada, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n de ranura de buz\u00f3n GETDC compuesta de una cadena larga GETDC a la que sigue un nombre de usuario en una petici\u00f3n de inicio de sesi\u00f3n SAMLOGON."
    }
  ],
  "id": "CVE-2007-6015",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-12-13T21:46:00.000",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=200773"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://docs.info.apple.com/article.html?artnum=307430"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27760"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/27894"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/27977"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/27993"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/27999"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/28003"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/28028"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/28029"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/28037"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/28067"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/28089"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/28891"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/29032"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/29341"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/30484"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/30835"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-99/advisory/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://security.gentoo.org/glsa/glsa-200712-10.xml"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://securityreason.com/securityalert/3438"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.debian.org/security/2007/dsa-1427"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/438395"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_68_samba.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1114.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1117.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2007-6015.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/484818/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/484825/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/484827/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/485144/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/26791"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securitytracker.com/id?1019065"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.ubuntu.com/usn/usn-556-1"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2007/4153"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/0495/references"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/0637"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/0859/references"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1712/references"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2008/1908"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://issues.rpath.com/browse/RPL-1976"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=200773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28891"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2007-99/advisory/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200712-10.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1427"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/438395"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_68_samba.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1114.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1117.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.samba.org/samba/security/CVE-2007-6015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484818/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484825/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/484827/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/485144/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-556-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/4153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0495/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0859/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1712/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-HHRV-J6CC-JR4P

Vulnerability from github – Published: 2022-05-01 18:38 – Updated: 2025-04-09 03:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-6015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-12-13T21:46:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the \"domain logons\" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.",
  "id": "GHSA-hhrv-j6cc-jr4p",
  "modified": "2025-04-09T03:49:14Z",
  "published": "2022-05-01T18:38:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6015"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38965"
    },
    {
      "type": "WEB",
      "url": "https://issues.rpath.com/browse/RPL-1976"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=200773"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307430"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=120524782005154\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27760"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27894"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27977"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27993"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27999"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28003"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28028"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28029"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28037"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28067"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28089"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/28891"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29032"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29341"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30484"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30835"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2007-99/advisory"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200712-10.xml"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/3438"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.451554"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1427"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/438395"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:244"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_68_samba.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1114.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-1117.html"
    },
    {
      "type": "WEB",
      "url": "http://www.samba.org/samba/security/CVE-2007-6015.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484818/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484825/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/484827/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/485144/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26791"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019065"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-556-1"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/4153"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0495/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0637"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0859/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1712/references"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/1908"
    },
    {
      "type": "WEB",
      "url": "http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-6015 (GCVE-0-2007-6015)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature