Executive Summary
Summary | |
---|---|
Title | Samba vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-544-1 | First vendor Publication | 2007-11-16 |
Vendor | Ubuntu | Last vendor Modification | 2007-11-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. (CVE-2007-4572) Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. (CVE-2007-5398) |
Original Source
Url : http://www.ubuntu.com/usn/USN-544-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10230 | |||
Oval ID: | oval:org.mitre.oval:def:10230 | ||
Title: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Description: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5398 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11132 | |||
Oval ID: | oval:org.mitre.oval:def:11132 | ||
Title: | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | ||
Description: | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4572 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17460 | |||
Oval ID: | oval:org.mitre.oval:def:17460 | ||
Title: | USN-544-1 -- samba vulnerabilities | ||
Description: | Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-544-1 CVE-2007-4572 CVE-2007-5398 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17753 | |||
Oval ID: | oval:org.mitre.oval:def:17753 | ||
Title: | USN-544-2 -- samba regression | ||
Description: | USN-544-1 fixed two vulnerabilities in Samba. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-544-2 CVE-2007-5398 CVE-2007-4572 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18728 | |||
Oval ID: | oval:org.mitre.oval:def:18728 | ||
Title: | DSA-1409-1 samba - several vulnerabilities | ||
Description: | This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below: | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1409-1 CVE-2007-4572 CVE-2007-5398 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20204 | |||
Oval ID: | oval:org.mitre.oval:def:20204 | ||
Title: | DSA-1409-2 samba - several vulnerabilities | ||
Description: | This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1409-2 CVE-2007-4572 CVE-2007-5398 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20356 | |||
Oval ID: | oval:org.mitre.oval:def:20356 | ||
Title: | DSA-1409-3 samba - several vulnerabilities (update) | ||
Description: | This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1409-3 CVE-2007-4572 CVE-2007-5398 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22612 | |||
Oval ID: | oval:org.mitre.oval:def:22612 | ||
Title: | ELSA-2007:1017: samba security update (Critical) | ||
Description: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:1017-01 CVE-2007-4572 CVE-2007-4138 CVE-2007-5398 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5643 | |||
Oval ID: | oval:org.mitre.oval:def:5643 | ||
Title: | HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code | ||
Description: | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4572 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5811 | |||
Oval ID: | oval:org.mitre.oval:def:5811 | ||
Title: | HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code | ||
Description: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5398 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2010-02-15 | Name : Solaris Update for Samba 114685-15 File : nvt/gb_solaris_114685_15.nasl |
2010-02-15 | Name : Solaris Update for Samba 114684-15 File : nvt/gb_solaris_114684_15.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Samba 119758-16 File : nvt/gb_solaris_119758_16.nasl |
2009-10-13 | Name : Solaris Update for Samba 119757-16 File : nvt/gb_solaris_119757_16.nasl |
2009-10-13 | Name : Solaris Update for Samba 114685-14 File : nvt/gb_solaris_114685_14.nasl |
2009-10-13 | Name : Solaris Update for Samba 114684-14 File : nvt/gb_solaris_114684_14.nasl |
2009-10-10 | Name : SLES9: Security update for Samba File : nvt/sles9p5014067.nasl |
2009-09-23 | Name : Solaris Update for Samba 119758-15 File : nvt/gb_solaris_119758_15.nasl |
2009-09-23 | Name : Solaris Update for Samba 119757-15 File : nvt/gb_solaris_119757_15.nasl |
2009-06-03 | Name : Solaris Update for Samba 114684-13 File : nvt/gb_solaris_114684_13.nasl |
2009-06-03 | Name : Solaris Update for Samba 119758-14 File : nvt/gb_solaris_119758_14.nasl |
2009-06-03 | Name : Solaris Update for Samba 119757-14 File : nvt/gb_solaris_119757_14.nasl |
2009-06-03 | Name : Solaris Update for Samba 114685-13 File : nvt/gb_solaris_114685_13.nasl |
2009-05-05 | Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02341 File : nvt/gb_hp_ux_HPSBUX02341.nasl |
2009-05-05 | Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02316 File : nvt/gb_hp_ux_HPSBUX02316.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:224 (samba) File : nvt/gb_mandriva_MDKSA_2007_224.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:224-1 (samba) File : nvt/gb_mandriva_MDKSA_2007_224_1.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:224-3 (samba) File : nvt/gb_mandriva_MDKSA_2007_224_3.nasl |
2009-03-23 | Name : Ubuntu Update for samba regression USN-617-2 File : nvt/gb_ubuntu_USN_617_2.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-617-1 File : nvt/gb_ubuntu_USN_617_1.nasl |
2009-03-23 | Name : Ubuntu Update for samba regression USN-544-2 File : nvt/gb_ubuntu_USN_544_2.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-544-1 File : nvt/gb_ubuntu_USN_544_1.nasl |
2009-03-06 | Name : RedHat Update for samba RHSA-2007:1114-01 File : nvt/gb_RHSA-2007_1114-01_samba.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114 centos3 x86_64 File : nvt/gb_CESA-2007_1114_samba_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114-01 centos2 i386 File : nvt/gb_CESA-2007_1114-01_samba_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114 centos3 i386 File : nvt/gb_CESA-2007_1114_samba_centos3_i386.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-3402 File : nvt/gb_fedora_2007_3402_samba_fc7.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-3403 File : nvt/gb_fedora_2007_3403_samba_fc8.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-4275 File : nvt/gb_fedora_2007_4275_samba_fc8.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-751 File : nvt/gb_fedora_2007_751_samba_fc6.nasl |
2009-02-17 | Name : Fedora Update for samba FEDORA-2008-4679 File : nvt/gb_fedora_2008_4679_samba_fc8.nasl |
2009-02-16 | Name : Fedora Update for samba FEDORA-2008-10638 File : nvt/gb_fedora_2008_10638_samba_fc8.nasl |
2009-01-28 | Name : SuSE Update for samba SUSE-SA:2007:065 File : nvt/gb_suse_2007_065.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-29 (samba) File : nvt/glsa_200711_29.nasl |
2008-09-04 | Name : FreeBSD Ports: samba, samba3, ja-samba File : nvt/freebsd_samba10.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1409-1 (samba) File : nvt/deb_1409_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1409-3 (samba) File : nvt/deb_1409_3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1409-2 (samba) File : nvt/deb_1409_2.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-320-01 samba File : nvt/esoft_slk_ssa_2007_320_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39180 | Samba nmbd Crafted GETDC mailslot Request Remote Overflow |
39179 | Samba nmbd nmbd/nmbd_packets.c reply_netbios_packet Function Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-31 | Samba WINS Server Name Registration handling stack buffer overflow attempt RuleID : 33582 - Revision : 3 - Type : SERVER-SAMBA |
2014-01-10 | Samba WINS Server Name Registration handling stack buffer overflow attempt RuleID : 16058 - Revision : 13 - Type : SERVER-SAMBA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1016.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1013.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1016.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1034.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071210_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0001.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1013.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-617-2.nasl - Type : ACT_GATHER_INFO |
2008-06-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-617-1.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-4719.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_cifs-mount-4740.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-29.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a63b15f997ff11dc9e480016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-751.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1409.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-320-01.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-544-2.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3403.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-224.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Samba server may be affected one or more vulnerabilities. File : samba_3_0_27.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3402.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1017.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-544-1.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1016.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1013.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114684-17 File : solaris9_114684.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114685-17 File : solaris9_x86_114685.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:46 |
|