Executive Summary

Information
Name : CVE-2007-2444
First vendor Publication : 2007-05-14
Vendor : Cve
Last vendor Modification : 2022-08-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact Sub Score : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 7.2
Attack Range : Local
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required

Detail

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-269 Improper Privilege Management

CPE : Common Platform Enumeration

Type Description Count
Application 3
Os 3
Os 2

OpenVAS Exploits

Date Description
2010-02-15 Name : Solaris Update for Samba 114685-15
File : nvt/gb_solaris_114685_15.nasl
2010-02-15 Name : Solaris Update for Samba 114684-15
File : nvt/gb_solaris_114684_15.nasl
2009-10-13 Name : Solaris Update for Samba 119757-16
File : nvt/gb_solaris_119757_16.nasl
2009-10-13 Name : Solaris Update for Samba 119758-16
File : nvt/gb_solaris_119758_16.nasl
2009-10-13 Name : Solaris Update for Samba 114685-14
File : nvt/gb_solaris_114685_14.nasl
2009-10-13 Name : Solaris Update for Samba 114684-14
File : nvt/gb_solaris_114684_14.nasl
2009-09-23 Name : Solaris Update for Samba 119758-15
File : nvt/gb_solaris_119758_15.nasl
2009-09-23 Name : Solaris Update for Samba 119757-15
File : nvt/gb_solaris_119757_15.nasl
2009-06-03 Name : Solaris Update for Samba 114684-13
File : nvt/gb_solaris_114684_13.nasl
2009-06-03 Name : Solaris Update for Samba 114685-13
File : nvt/gb_solaris_114685_13.nasl
2009-06-03 Name : Solaris Update for Samba 119757-14
File : nvt/gb_solaris_119757_14.nasl
2009-06-03 Name : Solaris Update for Samba 119758-14
File : nvt/gb_solaris_119758_14.nasl
2009-04-09 Name : Mandriva Update for samba MDKSA-2007:104-1 (samba)
File : nvt/gb_mandriva_MDKSA_2007_104_1.nasl
2009-04-09 Name : Mandriva Update for samba MDKSA-2007:104 (samba)
File : nvt/gb_mandriva_MDKSA_2007_104.nasl
2009-03-23 Name : Ubuntu Update for samba vulnerabilities USN-460-1
File : nvt/gb_ubuntu_USN_460_1.nasl
2009-03-23 Name : Ubuntu Update for samba regression USN-460-2
File : nvt/gb_ubuntu_USN_460_2.nasl
2009-02-27 Name : Fedora Update for samba FEDORA-2007-507
File : nvt/gb_fedora_2007_507_samba_fc6.nasl
2009-02-27 Name : Fedora Update for samba FEDORA-2007-506
File : nvt/gb_fedora_2007_506_samba_fc5.nasl
2009-01-28 Name : SuSE Update for samba SUSE-SA:2007:031
File : nvt/gb_suse_2007_031.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-15 (samba)
File : nvt/glsa_200705_15.nasl
2008-09-04 Name : FreeBSD Ports: samba, ja-samba
File : nvt/freebsd_samba12.nasl
2008-01-17 Name : Debian Security Advisory DSA 1291-4 (samba)
File : nvt/deb_1291_4.nasl
2008-01-17 Name : Debian Security Advisory DSA 1291-3 (samba)
File : nvt/deb_1291_3.nasl
2008-01-17 Name : Debian Security Advisory DSA 1291-2 (samba)
File : nvt/deb_1291_2.nasl
0000-00-00 Name : Slackware Advisory SSA:2007-134-01 samba
File : nvt/esoft_slk_ssa_2007_134_01.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
34698 Samba SID/Name Translation Privileged SMB/CIFS Protocol Operation Execution

Nessus® Vulnerability Scanner

Date Description
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-460-1.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-460-2.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_samba-3350.nasl - Type : ACT_GATHER_INFO
2007-05-20 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3546a83303ea11dca51d0019b95d4f14.nasl - Type : ACT_GATHER_INFO
2007-05-16 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-134-01.nasl - Type : ACT_GATHER_INFO
2007-05-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1291.nasl - Type : ACT_GATHER_INFO
2007-05-16 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-506.nasl - Type : ACT_GATHER_INFO
2007-05-16 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-507.nasl - Type : ACT_GATHER_INFO
2007-05-16 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-15.nasl - Type : ACT_GATHER_INFO
2007-05-16 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-104.nasl - Type : ACT_GATHER_INFO
2007-05-15 Name : The remote Samba server is affected by multiple vulnerabilities.
File : samba_3_0_25.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/23974
BUGTRAQ http://www.securityfocus.com/archive/1/468548/100/0/threaded
http://www.securityfocus.com/archive/1/468670/100/0/threaded
CONFIRM http://www.samba.org/samba/security/CVE-2007-2444.html
https://issues.rpath.com/browse/RPL-1366
DEBIAN http://www.debian.org/security/2007/dsa-1291
GENTOO http://security.gentoo.org/glsa/glsa-200705-15.xml
HP http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
OPENPKG http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
OSVDB http://osvdb.org/34698
SECTRACK http://www.securitytracker.com/id?1018049
SECUNIA http://secunia.com/advisories/25232
http://secunia.com/advisories/25241
http://secunia.com/advisories/25246
http://secunia.com/advisories/25251
http://secunia.com/advisories/25255
http://secunia.com/advisories/25256
http://secunia.com/advisories/25259
http://secunia.com/advisories/25270
http://secunia.com/advisories/25289
http://secunia.com/advisories/25675
http://secunia.com/advisories/25772
SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&...
SREASON http://securityreason.com/securityalert/2701
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
SUSE http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
TRUSTIX http://www.trustix.org/errata/2007/0017/
UBUNTU http://www.ubuntu.com/usn/usn-460-1
http://www.ubuntu.com/usn/usn-460-2
VUPEN http://www.vupen.com/english/advisories/2007/1805
http://www.vupen.com/english/advisories/2007/2210
http://www.vupen.com/english/advisories/2007/2281

Alert History

Date Information
2022-08-30 00:27:46
  • Multiple Updates
2021-05-04 12:05:43
  • Multiple Updates
2021-04-22 01:06:17
  • Multiple Updates
2020-05-23 00:19:42
  • Multiple Updates
2018-10-16 21:19:56
  • Multiple Updates
2016-06-28 16:26:25
  • Multiple Updates
2016-04-26 16:05:13
  • Multiple Updates
2014-02-17 10:40:04
  • Multiple Updates
2013-07-18 13:18:26
  • Multiple Updates
2013-07-11 13:30:00
  • Multiple Updates
2013-05-11 10:24:48
  • Multiple Updates