CVE-2007-6015

Published: Dec 13, 2007Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Affected (61)

Products: Samba: Samba

1 product

Configuration A

61 vulnerable

Vulnerable Software	Affected Versions
Samba Samba	Version 2.0.10
Samba Samba	Version 2.0.1
Samba Samba	Version 2.0.2
Samba Samba	Version 2.0.3
Samba Samba	Version 2.0.4
Samba Samba	Version 2.0.5
Samba Samba	Version 2.0.6
Samba Samba	Version 2.0.7
Samba Samba	Version 2.0.8
Samba Samba	Version 2.0.9
Samba Samba	Version 2.2.0
Samba Samba	Version 2.2.0a
Samba Samba	Version 2.2.11
Samba Samba	Version 2.2.12
Samba Samba	Version 2.2.1a
Samba Samba	Version 2.2.2
Samba Samba	Version 2.2.3
Samba Samba	Version 2.2.3a
Samba Samba	Version 2.2.4
Samba Samba	Version 2.2.5
Samba Samba	Version 2.2.6
Samba Samba	Version 2.2.7
Samba Samba	Version 2.2.7a
Samba Samba	Version 2.2.8
Samba Samba	Version 2.2.8a
Samba Samba	Version 2.2.9
Samba Samba	Version 3.0.0
Samba Samba	Version 3.0.10
Samba Samba	Version 3.0.11
Samba Samba	Version 3.0.12
Samba Samba	Version 3.0.13
Samba Samba	Version 3.0.14
Samba Samba	Version 3.0.14a
Samba Samba	Version 3.0.1
Samba Samba	Version 3.0.20
Samba Samba	Version 3.0.20a
Samba Samba	Version 3.0.20b
Samba Samba	Version 3.0.21
Samba Samba	Version 3.0.21a
Samba Samba	Version 3.0.21b
Samba Samba	Version 3.0.21c
Samba Samba	Version 3.0.22
Samba Samba	Version 3.0.23a
Samba Samba	Version 3.0.23b
Samba Samba	Version 3.0.23c
Samba Samba	Version 3.0.23d
Samba Samba	Version 3.0.24
Samba Samba	Version 3.0.25
Samba Samba	Version 3.0.25 pre1
Samba Samba	Version 3.0.25 pre2
Samba Samba	Version 3.0.25 rc1
Samba Samba	Version 3.0.25 rc2
Samba Samba	Version 3.0.25 rc3
Samba Samba	Version 3.0.25a
Samba Samba	Version 3.0.25b
Samba Samba	Version 3.0.25c
Samba Samba	Version 3.0.26
Samba Samba	Version 3.0.26a
Samba Samba	Version 3.0.27
Samba Samba	Version 3.0.2
Samba Samba	Version 3.0.2a

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (114)

http://bugs.gentoo.org/show_bug.cgi?id=200773

Source: PSIRT-CNA@flexerasoftware.com

http://docs.info.apple.com/article.html?artnum=307430

Source: PSIRT-CNA@flexerasoftware.com

http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html

Source: PSIRT-CNA@flexerasoftware.com

http://lists.vmware.com/pipermail/security-announce/2008/000005.html

Source: PSIRT-CNA@flexerasoftware.com

http://marc.info/?l=bugtraq&m=120524782005154&w=2

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27760

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/advisories/27894

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27977

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27993

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/27999

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28003

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28028

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28029

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28037

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28067

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28089

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/28891

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/29032

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/29341

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/30484

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/30835

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/secunia_research/2007-99/advisory/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200712-10.xml

Source: PSIRT-CNA@flexerasoftware.com

http://securityreason.com/securityalert/3438

Source: PSIRT-CNA@flexerasoftware.com

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554

Source: PSIRT-CNA@flexerasoftware.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1

Source: PSIRT-CNA@flexerasoftware.com

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1

Source: PSIRT-CNA@flexerasoftware.com

http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm

Source: PSIRT-CNA@flexerasoftware.com

http://www.debian.org/security/2007/dsa-1427

Source: PSIRT-CNA@flexerasoftware.com

http://www.kb.cert.org/vuls/id/438395

Source: PSIRT-CNA@flexerasoftware.com

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2007:244

Source: PSIRT-CNA@flexerasoftware.com

http://www.novell.com/linux/security/advisories/2007_68_samba.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.redhat.com/support/errata/RHSA-2007-1114.html

Source: PSIRT-CNA@flexerasoftware.com

Patch

http://www.redhat.com/support/errata/RHSA-2007-1117.html

Source: PSIRT-CNA@flexerasoftware.com

http://www.samba.org/samba/security/CVE-2007-6015.html

Source: PSIRT-CNA@flexerasoftware.com

Patch

http://www.securityfocus.com/archive/1/484818/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/484825/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/484827/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/485144/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/488457/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/26791

Source: PSIRT-CNA@flexerasoftware.com

http://www.securitytracker.com/id?1019065

Source: PSIRT-CNA@flexerasoftware.com

http://www.ubuntu.com/usn/usn-556-1

Source: PSIRT-CNA@flexerasoftware.com

http://www.us-cert.gov/cas/techalerts/TA08-043B.html

Source: PSIRT-CNA@flexerasoftware.com

US Government Resource

http://www.vupen.com/english/advisories/2007/4153

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/0495/references

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/0637

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/0859/references

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/1712/references

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2008/1908

Source: PSIRT-CNA@flexerasoftware.com

http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

Source: PSIRT-CNA@flexerasoftware.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/38965

Source: PSIRT-CNA@flexerasoftware.com

https://issues.rpath.com/browse/RPL-1976

Source: PSIRT-CNA@flexerasoftware.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572

Source: PSIRT-CNA@flexerasoftware.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html

Source: PSIRT-CNA@flexerasoftware.com

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html

Source: PSIRT-CNA@flexerasoftware.com

http://bugs.gentoo.org/show_bug.cgi?id=200773

Source: af854a3a-2127-422b-91ae-364da2661108

http://docs.info.apple.com/article.html?artnum=307430

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.vmware.com/pipermail/security-announce/2008/000005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=120524782005154&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27760

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/27894

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27977

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27993

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27999

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28003

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28028

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28029

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28037

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28067

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28089

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28891

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29032

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29341

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30484

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30835

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/secunia_research/2007-99/advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200712-10.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/3438

Source: af854a3a-2127-422b-91ae-364da2661108

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2007/dsa-1427

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/438395

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.mandriva.com/security/advisories?name=MDKSA-2007:244

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2007_68_samba.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-1114.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2007-1117.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.samba.org/samba/security/CVE-2007-6015.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/484818/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/484825/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/484827/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/485144/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/488457/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/26791

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1019065

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-556-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA08-043B.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2007/4153

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0495/references

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0637

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/0859/references

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1712/references

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1908

Source: af854a3a-2127-422b-91ae-364da2661108

http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/38965

Source: af854a3a-2127-422b-91ae-364da2661108

https://issues.rpath.com/browse/RPL-1976

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.