Computer Security
[EN] no-pyccku

Samba file server multiple security vulnerabilities
updated since 05.02.2007
SecurityVulns ID:7181
Threat Level:
Description:Solaris gethostbyname() and functions buffer overflow. Remote DoS in smbd with infinite loop. Format string vulnerability in VFS plugin.
Affected:SAMBA : Samba 3.0
CVE:CVE-2007-0454 (Format string vulnerability in the VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.)
 CVE-2007-0453 (Buffer overflow in the library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.)
 CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.)
Original documentdocumentSAMBA, [SAMBA-SECURITY] CVE-2007-0454: Format string bug in VFS plugin (05.02.2007)
 documentSAMBA, [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 - 3.0.23d (05.02.2007)
 documentSAMBA, [SAMBA-SECURITY] CVE-2007-0453: Buffer overrun in on Solaris (05.02.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod