Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2007-0454
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping..
CVSSv2.0 Score
- Severity
- High
- Base Score
- 7.5/10
- Exploit Score
- 10/10
- Access Vector
- Network
- Access Complexity
- Low
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
| CPE | Affected | Vulnerable | Excluding | Edit |
|---|---|---|---|---|
| cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*: |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*: |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* |
Yes
|
- | - | |
| cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:* |
Yes
|
- | - |
References
- http://www.securityfocus.com/bid/22403
- http://us1.samba.org/samba/security/CVE-2007-0454.html
- https://issues.rpath.com/browse/RPL-1005
- http://www.debian.org/security/2007/dsa-1257
- http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-securit
- http://www.trustix.org/errata/2007/0007
- http://www.ubuntu.com/usn/usn-419-1
- http://www.kb.cert.org/vuls/id/649732
- http://securitytracker.com/id?1017588
- http://secunia.com/advisories/24021
- http://secunia.com/advisories/24060
- http://secunia.com/advisories/24067
- http://secunia.com/advisories/24101
- http://secunia.com/advisories/24046
- http://secunia.com/advisories/24151
- http://secunia.com/advisories/24145
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
- http://osvdb.org/33101
- http://www.vupen.com/english/advisories/2007/0483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
- http://www.securityfocus.com/archive/1/459365/100/0/threaded
- http://www.securityfocus.com/archive/1/459179/100/0/threaded