Executive Summary
Summary | |
---|---|
Title | samba security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:1013 | First vendor Publication | 2007-11-15 |
Vendor | RedHat | Last vendor Modification | 2007-11-15 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated samba packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Samba is a suite of programs used by machines to share files, printers, and other information. A buffer overflow flaw was found in the way Samba creates NetBIOS replies. If a Samba server is configured to run as a WINS server, a remote unauthenticated user could cause the Samba server to crash or execute arbitrary code. (CVE-2007-5398) A heap-based buffer overflow flaw was found in the way Samba authenticates users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash. Careful analysis of this flaw has determined that arbitrary code execution is not possible, and under most circumstances will not result in a crash of the Samba server. (CVE-2007-4572) Red Hat would like to thank Alin Rad Pop of Secunia Research, and the Samba developers for responsibly disclosing these issues. Users of Samba are advised to ugprade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 294631 - CVE-2007-4572 samba buffer overflow 358831 - CVE-2007-5398 Samba "reply_netbios_packet()" Buffer Overflow Vulnerability |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-1013.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10230 | |||
Oval ID: | oval:org.mitre.oval:def:10230 | ||
Title: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Description: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5398 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11132 | |||
Oval ID: | oval:org.mitre.oval:def:11132 | ||
Title: | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | ||
Description: | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4572 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17460 | |||
Oval ID: | oval:org.mitre.oval:def:17460 | ||
Title: | USN-544-1 -- samba vulnerabilities | ||
Description: | Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-544-1 CVE-2007-4572 CVE-2007-5398 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17753 | |||
Oval ID: | oval:org.mitre.oval:def:17753 | ||
Title: | USN-544-2 -- samba regression | ||
Description: | USN-544-1 fixed two vulnerabilities in Samba. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-544-2 CVE-2007-5398 CVE-2007-4572 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18728 | |||
Oval ID: | oval:org.mitre.oval:def:18728 | ||
Title: | DSA-1409-1 samba - several vulnerabilities | ||
Description: | This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below: | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1409-1 CVE-2007-4572 CVE-2007-5398 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20204 | |||
Oval ID: | oval:org.mitre.oval:def:20204 | ||
Title: | DSA-1409-2 samba - several vulnerabilities | ||
Description: | This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1409-2 CVE-2007-4572 CVE-2007-5398 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20356 | |||
Oval ID: | oval:org.mitre.oval:def:20356 | ||
Title: | DSA-1409-3 samba - several vulnerabilities (update) | ||
Description: | This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. The original text is reproduced below. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1409-3 CVE-2007-4572 CVE-2007-5398 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22612 | |||
Oval ID: | oval:org.mitre.oval:def:22612 | ||
Title: | ELSA-2007:1017: samba security update (Critical) | ||
Description: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:1017-01 CVE-2007-4572 CVE-2007-4138 CVE-2007-5398 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5643 | |||
Oval ID: | oval:org.mitre.oval:def:5643 | ||
Title: | HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code | ||
Description: | Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4572 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5811 | |||
Oval ID: | oval:org.mitre.oval:def:5811 | ||
Title: | HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code | ||
Description: | Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-5398 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl |
2010-02-15 | Name : Solaris Update for Samba 114685-15 File : nvt/gb_solaris_114685_15.nasl |
2010-02-15 | Name : Solaris Update for Samba 114684-15 File : nvt/gb_solaris_114684_15.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Samba 119758-16 File : nvt/gb_solaris_119758_16.nasl |
2009-10-13 | Name : Solaris Update for Samba 119757-16 File : nvt/gb_solaris_119757_16.nasl |
2009-10-13 | Name : Solaris Update for Samba 114685-14 File : nvt/gb_solaris_114685_14.nasl |
2009-10-13 | Name : Solaris Update for Samba 114684-14 File : nvt/gb_solaris_114684_14.nasl |
2009-10-10 | Name : SLES9: Security update for Samba File : nvt/sles9p5014067.nasl |
2009-09-23 | Name : Solaris Update for Samba 119758-15 File : nvt/gb_solaris_119758_15.nasl |
2009-09-23 | Name : Solaris Update for Samba 119757-15 File : nvt/gb_solaris_119757_15.nasl |
2009-06-03 | Name : Solaris Update for Samba 114684-13 File : nvt/gb_solaris_114684_13.nasl |
2009-06-03 | Name : Solaris Update for Samba 119758-14 File : nvt/gb_solaris_119758_14.nasl |
2009-06-03 | Name : Solaris Update for Samba 119757-14 File : nvt/gb_solaris_119757_14.nasl |
2009-06-03 | Name : Solaris Update for Samba 114685-13 File : nvt/gb_solaris_114685_13.nasl |
2009-05-05 | Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02341 File : nvt/gb_hp_ux_HPSBUX02341.nasl |
2009-05-05 | Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02316 File : nvt/gb_hp_ux_HPSBUX02316.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:224 (samba) File : nvt/gb_mandriva_MDKSA_2007_224.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:224-1 (samba) File : nvt/gb_mandriva_MDKSA_2007_224_1.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:224-3 (samba) File : nvt/gb_mandriva_MDKSA_2007_224_3.nasl |
2009-03-23 | Name : Ubuntu Update for samba regression USN-617-2 File : nvt/gb_ubuntu_USN_617_2.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-617-1 File : nvt/gb_ubuntu_USN_617_1.nasl |
2009-03-23 | Name : Ubuntu Update for samba regression USN-544-2 File : nvt/gb_ubuntu_USN_544_2.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerabilities USN-544-1 File : nvt/gb_ubuntu_USN_544_1.nasl |
2009-03-06 | Name : RedHat Update for samba RHSA-2007:1114-01 File : nvt/gb_RHSA-2007_1114-01_samba.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114 centos3 x86_64 File : nvt/gb_CESA-2007_1114_samba_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114-01 centos2 i386 File : nvt/gb_CESA-2007_1114-01_samba_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114 centos3 i386 File : nvt/gb_CESA-2007_1114_samba_centos3_i386.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-3402 File : nvt/gb_fedora_2007_3402_samba_fc7.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-3403 File : nvt/gb_fedora_2007_3403_samba_fc8.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-4275 File : nvt/gb_fedora_2007_4275_samba_fc8.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-751 File : nvt/gb_fedora_2007_751_samba_fc6.nasl |
2009-02-17 | Name : Fedora Update for samba FEDORA-2008-4679 File : nvt/gb_fedora_2008_4679_samba_fc8.nasl |
2009-02-16 | Name : Fedora Update for samba FEDORA-2008-10638 File : nvt/gb_fedora_2008_10638_samba_fc8.nasl |
2009-01-28 | Name : SuSE Update for samba SUSE-SA:2007:065 File : nvt/gb_suse_2007_065.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-29 (samba) File : nvt/glsa_200711_29.nasl |
2008-09-04 | Name : FreeBSD Ports: samba, samba3, ja-samba File : nvt/freebsd_samba10.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1409-1 (samba) File : nvt/deb_1409_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1409-3 (samba) File : nvt/deb_1409_3.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1409-2 (samba) File : nvt/deb_1409_2.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-320-01 samba File : nvt/esoft_slk_ssa_2007_320_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39180 | Samba nmbd Crafted GETDC mailslot Request Remote Overflow |
39179 | Samba nmbd nmbd/nmbd_packets.c reply_netbios_packet Function Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2015-03-31 | Samba WINS Server Name Registration handling stack buffer overflow attempt RuleID : 33582 - Revision : 3 - Type : SERVER-SAMBA |
2014-01-10 | Samba WINS Server Name Registration handling stack buffer overflow attempt RuleID : 16058 - Revision : 13 - Type : SERVER-SAMBA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1016.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1013.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1016.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1034.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071210_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071115_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0001.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1013.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-617-2.nasl - Type : ACT_GATHER_INFO |
2008-06-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-617-1.nasl - Type : ACT_GATHER_INFO |
2007-12-18 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-4719.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote openSUSE host is missing a security update. File : suse_cifs-mount-4740.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-29.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a63b15f997ff11dc9e480016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-751.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1409.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-320-01.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-544-2.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3403.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-224.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Samba server may be affected one or more vulnerabilities. File : samba_3_0_27.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Fedora host is missing a security update. File : fedora_2007-3402.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1017.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-544-1.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1016.nasl - Type : ACT_GATHER_INFO |
2007-11-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1013.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114684-17 File : solaris9_114684.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114685-17 File : solaris9_x86_114685.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:09 |
|