Executive Summary
Summary | |
---|---|
Title | Samba vulnerability |
Informations | |||
---|---|---|---|
Name | USN-556-1 | First vendor Publication | 2007-12-18 |
Vendor | Ubuntu | Last vendor Modification | 2007-12-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 6.10: Ubuntu 7.04: Ubuntu 7.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu. |
Original Source
Url : http://www.ubuntu.com/usn/USN-556-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11572 | |||
Oval ID: | oval:org.mitre.oval:def:11572 | ||
Title: | Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | ||
Description: | Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6015 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17746 | |||
Oval ID: | oval:org.mitre.oval:def:17746 | ||
Title: | USN-556-1 -- samba vulnerability | ||
Description: | Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-556-1 CVE-2007-6015 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | samba |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18457 | |||
Oval ID: | oval:org.mitre.oval:def:18457 | ||
Title: | DSA-1427-1 samba - buffer overflow | ||
Description: | Alin Rad Pop discovered that Samba, a LanManager-like file and printer server for Unix, is vulnerable to a buffer overflow in the nmbd code which handles GETDC mailslot requests, which might lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1427-1 CVE-2007-6015 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21715 | |||
Oval ID: | oval:org.mitre.oval:def:21715 | ||
Title: | ELSA-2007:1114: samba security and bug fix update (Critical) | ||
Description: | Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:1114-01 CVE-2007-6015 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | samba |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5605 | |||
Oval ID: | oval:org.mitre.oval:def:5605 | ||
Title: | HP-UX running HP CIFS Server (Samba), Remote Execution of Arbitrary Code | ||
Description: | Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-6015 | Version: | 9 |
Platform(s): | HP-UX 11 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.2 Update / Mac OS X Security Update 2008-001 File : nvt/macosx_upd_10_5_2_secupd_2008-001.nasl |
2010-02-15 | Name : Solaris Update for Samba 114685-15 File : nvt/gb_solaris_114685_15.nasl |
2010-02-15 | Name : Solaris Update for Samba 114684-15 File : nvt/gb_solaris_114684_15.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : Solaris Update for Samba 119758-16 File : nvt/gb_solaris_119758_16.nasl |
2009-10-13 | Name : Solaris Update for Samba 119757-16 File : nvt/gb_solaris_119757_16.nasl |
2009-10-13 | Name : Solaris Update for Samba 114685-14 File : nvt/gb_solaris_114685_14.nasl |
2009-10-13 | Name : Solaris Update for Samba 114684-14 File : nvt/gb_solaris_114684_14.nasl |
2009-10-10 | Name : SLES9: Security update for Samba File : nvt/sles9p5018048.nasl |
2009-10-10 | Name : SLES9: Security update for Samba File : nvt/sles9p5013978.nasl |
2009-09-23 | Name : Solaris Update for Samba 119758-15 File : nvt/gb_solaris_119758_15.nasl |
2009-09-23 | Name : Solaris Update for Samba 119757-15 File : nvt/gb_solaris_119757_15.nasl |
2009-06-03 | Name : Solaris Update for Samba 119758-14 File : nvt/gb_solaris_119758_14.nasl |
2009-06-03 | Name : Solaris Update for Samba 114684-13 File : nvt/gb_solaris_114684_13.nasl |
2009-06-03 | Name : Solaris Update for Samba 119757-14 File : nvt/gb_solaris_119757_14.nasl |
2009-06-03 | Name : Solaris Update for Samba 114685-13 File : nvt/gb_solaris_114685_13.nasl |
2009-05-05 | Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02316 File : nvt/gb_hp_ux_HPSBUX02316.nasl |
2009-05-05 | Name : HP-UX Update for HP CIFS Server (Samba) HPSBUX02341 File : nvt/gb_hp_ux_HPSBUX02341.nasl |
2009-04-09 | Name : Mandriva Update for samba MDKSA-2007:244 (samba) File : nvt/gb_mandriva_MDKSA_2007_244.nasl |
2009-03-23 | Name : Ubuntu Update for samba vulnerability USN-556-1 File : nvt/gb_ubuntu_USN_556_1.nasl |
2009-03-06 | Name : RedHat Update for samba RHSA-2007:1114-01 File : nvt/gb_RHSA-2007_1114-01_samba.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-4275 File : nvt/gb_fedora_2007_4275_samba_fc8.nasl |
2009-02-27 | Name : Fedora Update for samba FEDORA-2007-4269 File : nvt/gb_fedora_2007_4269_samba_fc7.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114 centos3 x86_64 File : nvt/gb_CESA-2007_1114_samba_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114 centos3 i386 File : nvt/gb_CESA-2007_1114_samba_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for samba CESA-2007:1114-01 centos2 i386 File : nvt/gb_CESA-2007_1114-01_samba_centos2_i386.nasl |
2009-02-17 | Name : Fedora Update for samba FEDORA-2008-4679 File : nvt/gb_fedora_2008_4679_samba_fc8.nasl |
2009-02-16 | Name : Fedora Update for samba FEDORA-2008-10638 File : nvt/gb_fedora_2008_10638_samba_fc8.nasl |
2009-01-28 | Name : SuSE Update for samba SUSE-SA:2007:068 File : nvt/gb_suse_2007_068.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-10 (samba) File : nvt/glsa_200712_10.nasl |
2008-09-04 | Name : FreeBSD Ports: samba, samba3, ja-samba File : nvt/freebsd_samba13.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1427-1 (samba) File : nvt/deb_1427_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-344-01 samba File : nvt/esoft_slk_ssa_2007_344_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39191 | Samba nmdb send_mailslot() Function GETDC mailslot Request Remote Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Samba send_mailslot buffer overflow attempt RuleID : 17661 - Revision : 10 - Type : SERVER-SAMBA |
2014-01-10 | Samba send_mailslot buffer overflow attempt RuleID : 13291 - Revision : 11 - Type : SERVER-SAMBA |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1117.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071210_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12002.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2008-02-12 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_2.nasl - Type : ACT_GATHER_INFO |
2008-02-12 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-001.nasl - Type : ACT_GATHER_INFO |
2007-12-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-556-1.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_cifs-mount-4780.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ffcbd42da8c511dcbec202e0185f8d72.nasl - Type : ACT_GATHER_INFO |
2007-12-12 | Name : The remote openSUSE host is missing a security update. File : suse_cifs-mount-4777.nasl - Type : ACT_GATHER_INFO |
2007-12-12 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-244.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-344-01.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200712-10.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4275.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4269.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1427.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1114.nasl - Type : ACT_GATHER_INFO |
2007-12-10 | Name : The remote Samba server may be affected by a buffer overflow vulnerability. File : samba_3_0_28.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114684-17 File : solaris9_114684.nasl - Type : ACT_GATHER_INFO |
2004-07-12 | Name : The remote host is missing Sun Security Patch number 114685-17 File : solaris9_x86_114685.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:04:50 |
|