NVD Vulnerability Detail

CVE-2007-2446

Summary	Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Summary	Múltiples desbordamientos de búfer en la región heap de la memoria en el análisis NDR en smbd en Samba versión 3.0.0 hasta 3.0.25rc3 permiten que los atacantes remotos ejecuten código arbitrario por medio de peticiones MS-RPC creadas que involucran (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), o (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_name).
Publication Date	May 15, 2007, 6:19 a.m.
Registration Date	Jan. 29, 2021, 2:12 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	10.0
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:samba:samba:3.0.0:::::::*
cpe:2.3:a:samba:samba:3.0.1:::::::*
cpe:2.3:a:samba:samba:3.0.2:::::::*
cpe:2.3:a:samba:samba:3.0.2a:::::::*
cpe:2.3:a:samba:samba:3.0.10:::::::*
cpe:2.3:a:samba:samba:3.0.11:::::::*
cpe:2.3:a:samba:samba:3.0.12:::::::*
cpe:2.3:a:samba:samba:3.0.13:::::::*
cpe:2.3:a:samba:samba:3.0.14:::::::*
cpe:2.3:a:samba:samba:3.0.14a:::::::*
cpe:2.3:a:samba:samba:3.0.15:::::::*
cpe:2.3:a:samba:samba:3.0.16:::::::*
cpe:2.3:a:samba:samba:3.0.17:::::::*
cpe:2.3:a:samba:samba:3.0.18:::::::*
cpe:2.3:a:samba:samba:3.0.19:::::::*
cpe:2.3:a:samba:samba:3.0.20:::::::*
cpe:2.3:a:samba:samba:3.0.20a:::::::*
cpe:2.3:a:samba:samba:3.0.20b:::::::*
cpe:2.3:a:samba:samba:3.0.21:::::::*
cpe:2.3:a:samba:samba:3.0.21a:::::::*
cpe:2.3:a:samba:samba:3.0.21b:::::::*
cpe:2.3:a:samba:samba:3.0.21c:::::::*
cpe:2.3:a:samba:samba:3.0.22:::::::*
cpe:2.3:a:samba:samba:3.0.23:::::::*
cpe:2.3:a:samba:samba:3.0.23a:::::::*
cpe:2.3:a:samba:samba:3.0.23b:::::::*
cpe:2.3:a:samba:samba:3.0.23c:::::::*
cpe:2.3:a:samba:samba:3.0.23d:::::::*
cpe:2.3:a:samba:samba:3.0.24:::::::*
cpe:2.3:a:samba:samba:3.0.25:pre1::::::
cpe:2.3:a:samba:samba:3.0.25:pre2::::::
cpe:2.3:a:samba:samba:3.0.25:rc1::::::
cpe:2.3:a:samba:samba:3.0.25:rc2::::::
cpe:2.3:a:samba:samba:3.0.25:rc3::::::

Related information, measures and tools

No	URL	refsource
1	http://docs.info.apple.com/article.html?artnum=306172	secalert@redhat.com
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768	secalert@redhat.com
3	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980	secalert@redhat.com
4	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	secalert@redhat.com
5	http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	secalert@redhat.com
6	http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html	secalert@redhat.com
7	http://osvdb.org/34699	secalert@redhat.com
8	http://osvdb.org/34731	secalert@redhat.com
9	http://osvdb.org/34733	secalert@redhat.com
10	http://secunia.com/advisories/25232	secalert@redhat.com
11	http://secunia.com/advisories/25241	secalert@redhat.com
12	http://secunia.com/advisories/25246	secalert@redhat.com
13	http://secunia.com/advisories/25251	secalert@redhat.com
14	http://secunia.com/advisories/25255	secalert@redhat.com
15	http://secunia.com/advisories/25256	secalert@redhat.com
16	http://secunia.com/advisories/25257	secalert@redhat.com
17	http://secunia.com/advisories/25259	secalert@redhat.com
18	http://secunia.com/advisories/25270	secalert@redhat.com
19	http://secunia.com/advisories/25289	secalert@redhat.com
20	http://secunia.com/advisories/25391/	secalert@redhat.com
21	http://secunia.com/advisories/25567	secalert@redhat.com
22	http://secunia.com/advisories/25675	secalert@redhat.com
23	http://secunia.com/advisories/25772	secalert@redhat.com
24	http://secunia.com/advisories/26235	secalert@redhat.com
25	http://secunia.com/advisories/26909	secalert@redhat.com
26	http://secunia.com/advisories/27706	secalert@redhat.com
27	http://secunia.com/advisories/28292	secalert@redhat.com
28	http://security.gentoo.org/glsa/glsa-200705-15.xml	secalert@redhat.com
29	http://securityreason.com/securityalert/2702	secalert@redhat.com
30	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906	secalert@redhat.com
31	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1	secalert@redhat.com
32	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1	secalert@redhat.com
33	http://www.debian.org/security/2007/dsa-1291	secalert@redhat.com
34	http://www.kb.cert.org/vuls/id/773720	secalert@redhat.com
35	http://www.mandriva.com/security/advisories?name=MDKSA-2007:104	secalert@redhat.com
36	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html	secalert@redhat.com
37	http://www.osvdb.org/34732	secalert@redhat.com
38	http://www.redhat.com/support/errata/RHSA-2007-0354.html	secalert@redhat.com
39	http://www.samba.org/samba/security/CVE-2007-2446.html	secalert@redhat.com
40	http://www.securityfocus.com/archive/1/468542/100/0/threaded	secalert@redhat.com
41	http://www.securityfocus.com/archive/1/468670/100/0/threaded	secalert@redhat.com
42	http://www.securityfocus.com/archive/1/468672/100/0/threaded	secalert@redhat.com
43	http://www.securityfocus.com/archive/1/468673/100/0/threaded	secalert@redhat.com
44	http://www.securityfocus.com/archive/1/468674/100/0/threaded	secalert@redhat.com
45	http://www.securityfocus.com/archive/1/468675/100/0/threaded	secalert@redhat.com
46	http://www.securityfocus.com/archive/1/468680/100/0/threaded	secalert@redhat.com
47	http://www.securityfocus.com/bid/23973	secalert@redhat.com
48	http://www.securityfocus.com/bid/24195	secalert@redhat.com
49	http://www.securityfocus.com/bid/24196	secalert@redhat.com
50	http://www.securityfocus.com/bid/24197	secalert@redhat.com
51	http://www.securityfocus.com/bid/24198	secalert@redhat.com
52	http://www.securityfocus.com/bid/25159	secalert@redhat.com
53	http://www.securitytracker.com/id?1018050	secalert@redhat.com
54	http://www.trustix.org/errata/2007/0017/	secalert@redhat.com
55	http://www.ubuntu.com/usn/usn-460-1	secalert@redhat.com
56	http://www.vupen.com/english/advisories/2007/1805	secalert@redhat.com
57	http://www.vupen.com/english/advisories/2007/2079	secalert@redhat.com
58	http://www.vupen.com/english/advisories/2007/2210	secalert@redhat.com
59	http://www.vupen.com/english/advisories/2007/2281	secalert@redhat.com
60	http://www.vupen.com/english/advisories/2007/2732	secalert@redhat.com
61	http://www.vupen.com/english/advisories/2007/3229	secalert@redhat.com
62	http://www.vupen.com/english/advisories/2008/0050	secalert@redhat.com
63	http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf	secalert@redhat.com
64	http://www.zerodayinitiative.com/advisories/ZDI-07-029.html	secalert@redhat.com
65	http://www.zerodayinitiative.com/advisories/ZDI-07-030.html	secalert@redhat.com
66	http://www.zerodayinitiative.com/advisories/ZDI-07-031.html	secalert@redhat.com
67	http://www.zerodayinitiative.com/advisories/ZDI-07-032.html	secalert@redhat.com
68	http://www.zerodayinitiative.com/advisories/ZDI-07-033.html	secalert@redhat.com
69	https://exchange.xforce.ibmcloud.com/vulnerabilities/34309	secalert@redhat.com
70	https://exchange.xforce.ibmcloud.com/vulnerabilities/34311	secalert@redhat.com
71	https://exchange.xforce.ibmcloud.com/vulnerabilities/34312	secalert@redhat.com
72	https://exchange.xforce.ibmcloud.com/vulnerabilities/34314	secalert@redhat.com
73	https://exchange.xforce.ibmcloud.com/vulnerabilities/34316	secalert@redhat.com
74	https://issues.rpath.com/browse/RPL-1366	secalert@redhat.com
75	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11415	secalert@redhat.com
76	http://docs.info.apple.com/article.html?artnum=306172	af854a3a-2127-422b-91ae-364da2661108
77	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768	af854a3a-2127-422b-91ae-364da2661108
78	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980	af854a3a-2127-422b-91ae-364da2661108
79	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
80	http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	af854a3a-2127-422b-91ae-364da2661108
81	http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html	af854a3a-2127-422b-91ae-364da2661108
82	http://osvdb.org/34699	af854a3a-2127-422b-91ae-364da2661108
83	http://osvdb.org/34731	af854a3a-2127-422b-91ae-364da2661108
84	http://osvdb.org/34733	af854a3a-2127-422b-91ae-364da2661108
85	http://secunia.com/advisories/25232	af854a3a-2127-422b-91ae-364da2661108
86	http://secunia.com/advisories/25241	af854a3a-2127-422b-91ae-364da2661108
87	http://secunia.com/advisories/25246	af854a3a-2127-422b-91ae-364da2661108
88	http://secunia.com/advisories/25251	af854a3a-2127-422b-91ae-364da2661108
89	http://secunia.com/advisories/25255	af854a3a-2127-422b-91ae-364da2661108
90	http://secunia.com/advisories/25256	af854a3a-2127-422b-91ae-364da2661108
91	http://secunia.com/advisories/25257	af854a3a-2127-422b-91ae-364da2661108
92	http://secunia.com/advisories/25259	af854a3a-2127-422b-91ae-364da2661108
93	http://secunia.com/advisories/25270	af854a3a-2127-422b-91ae-364da2661108
94	http://secunia.com/advisories/25289	af854a3a-2127-422b-91ae-364da2661108
95	http://secunia.com/advisories/25391/	af854a3a-2127-422b-91ae-364da2661108
96	http://secunia.com/advisories/25567	af854a3a-2127-422b-91ae-364da2661108
97	http://secunia.com/advisories/25675	af854a3a-2127-422b-91ae-364da2661108
98	http://secunia.com/advisories/25772	af854a3a-2127-422b-91ae-364da2661108
99	http://secunia.com/advisories/26235	af854a3a-2127-422b-91ae-364da2661108
100	http://secunia.com/advisories/26909	af854a3a-2127-422b-91ae-364da2661108
101	http://secunia.com/advisories/27706	af854a3a-2127-422b-91ae-364da2661108
102	http://secunia.com/advisories/28292	af854a3a-2127-422b-91ae-364da2661108
103	http://security.gentoo.org/glsa/glsa-200705-15.xml	af854a3a-2127-422b-91ae-364da2661108
104	http://securityreason.com/securityalert/2702	af854a3a-2127-422b-91ae-364da2661108
105	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906	af854a3a-2127-422b-91ae-364da2661108
106	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1	af854a3a-2127-422b-91ae-364da2661108
107	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1	af854a3a-2127-422b-91ae-364da2661108
108	http://www.debian.org/security/2007/dsa-1291	af854a3a-2127-422b-91ae-364da2661108
109	http://www.kb.cert.org/vuls/id/773720	af854a3a-2127-422b-91ae-364da2661108
110	http://www.mandriva.com/security/advisories?name=MDKSA-2007:104	af854a3a-2127-422b-91ae-364da2661108
111	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html	af854a3a-2127-422b-91ae-364da2661108
112	http://www.osvdb.org/34732	af854a3a-2127-422b-91ae-364da2661108
113	http://www.redhat.com/support/errata/RHSA-2007-0354.html	af854a3a-2127-422b-91ae-364da2661108
114	http://www.samba.org/samba/security/CVE-2007-2446.html	af854a3a-2127-422b-91ae-364da2661108
115	http://www.securityfocus.com/archive/1/468542/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
116	http://www.securityfocus.com/archive/1/468670/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
117	http://www.securityfocus.com/archive/1/468672/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
118	http://www.securityfocus.com/archive/1/468673/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
119	http://www.securityfocus.com/archive/1/468674/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
120	http://www.securityfocus.com/archive/1/468675/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
121	http://www.securityfocus.com/archive/1/468680/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
122	http://www.securityfocus.com/bid/23973	af854a3a-2127-422b-91ae-364da2661108
123	http://www.securityfocus.com/bid/24195	af854a3a-2127-422b-91ae-364da2661108
124	http://www.securityfocus.com/bid/24196	af854a3a-2127-422b-91ae-364da2661108
125	http://www.securityfocus.com/bid/24197	af854a3a-2127-422b-91ae-364da2661108
126	http://www.securityfocus.com/bid/24198	af854a3a-2127-422b-91ae-364da2661108
127	http://www.securityfocus.com/bid/25159	af854a3a-2127-422b-91ae-364da2661108
128	http://www.securitytracker.com/id?1018050	af854a3a-2127-422b-91ae-364da2661108
129	http://www.trustix.org/errata/2007/0017/	af854a3a-2127-422b-91ae-364da2661108
130	http://www.ubuntu.com/usn/usn-460-1	af854a3a-2127-422b-91ae-364da2661108
131	http://www.vupen.com/english/advisories/2007/1805	af854a3a-2127-422b-91ae-364da2661108
132	http://www.vupen.com/english/advisories/2007/2079	af854a3a-2127-422b-91ae-364da2661108
133	http://www.vupen.com/english/advisories/2007/2210	af854a3a-2127-422b-91ae-364da2661108
134	http://www.vupen.com/english/advisories/2007/2281	af854a3a-2127-422b-91ae-364da2661108
135	http://www.vupen.com/english/advisories/2007/2732	af854a3a-2127-422b-91ae-364da2661108
136	http://www.vupen.com/english/advisories/2007/3229	af854a3a-2127-422b-91ae-364da2661108
137	http://www.vupen.com/english/advisories/2008/0050	af854a3a-2127-422b-91ae-364da2661108
138	http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf	af854a3a-2127-422b-91ae-364da2661108
139	http://www.zerodayinitiative.com/advisories/ZDI-07-029.html	af854a3a-2127-422b-91ae-364da2661108
140	http://www.zerodayinitiative.com/advisories/ZDI-07-030.html	af854a3a-2127-422b-91ae-364da2661108
141	http://www.zerodayinitiative.com/advisories/ZDI-07-031.html	af854a3a-2127-422b-91ae-364da2661108
142	http://www.zerodayinitiative.com/advisories/ZDI-07-032.html	af854a3a-2127-422b-91ae-364da2661108
143	http://www.zerodayinitiative.com/advisories/ZDI-07-033.html	af854a3a-2127-422b-91ae-364da2661108
144	https://exchange.xforce.ibmcloud.com/vulnerabilities/34309	af854a3a-2127-422b-91ae-364da2661108
145	https://exchange.xforce.ibmcloud.com/vulnerabilities/34311	af854a3a-2127-422b-91ae-364da2661108
146	https://exchange.xforce.ibmcloud.com/vulnerabilities/34312	af854a3a-2127-422b-91ae-364da2661108
147	https://exchange.xforce.ibmcloud.com/vulnerabilities/34314	af854a3a-2127-422b-91ae-364da2661108
148	https://exchange.xforce.ibmcloud.com/vulnerabilities/34316	af854a3a-2127-422b-91ae-364da2661108
149	https://issues.rpath.com/browse/RPL-1366	af854a3a-2127-422b-91ae-364da2661108
150	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11415	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:samba:samba:3.0.0:::::::*
cpe:2.3:a:samba:samba:3.0.1:::::::*
cpe:2.3:a:samba:samba:3.0.2:::::::*
cpe:2.3:a:samba:samba:3.0.2a:::::::*
cpe:2.3:a:samba:samba:3.0.10:::::::*
cpe:2.3:a:samba:samba:3.0.11:::::::*
cpe:2.3:a:samba:samba:3.0.12:::::::*
cpe:2.3:a:samba:samba:3.0.13:::::::*
cpe:2.3:a:samba:samba:3.0.14:::::::*
cpe:2.3:a:samba:samba:3.0.14a:::::::*
cpe:2.3:a:samba:samba:3.0.15:::::::*
cpe:2.3:a:samba:samba:3.0.16:::::::*
cpe:2.3:a:samba:samba:3.0.17:::::::*
cpe:2.3:a:samba:samba:3.0.18:::::::*
cpe:2.3:a:samba:samba:3.0.19:::::::*
cpe:2.3:a:samba:samba:3.0.20:::::::*
cpe:2.3:a:samba:samba:3.0.20a:::::::*
cpe:2.3:a:samba:samba:3.0.20b:::::::*
cpe:2.3:a:samba:samba:3.0.21:::::::*
cpe:2.3:a:samba:samba:3.0.21a:::::::*
cpe:2.3:a:samba:samba:3.0.21b:::::::*
cpe:2.3:a:samba:samba:3.0.21c:::::::*
cpe:2.3:a:samba:samba:3.0.22:::::::*
cpe:2.3:a:samba:samba:3.0.23:::::::*
cpe:2.3:a:samba:samba:3.0.23a:::::::*
cpe:2.3:a:samba:samba:3.0.23b:::::::*
cpe:2.3:a:samba:samba:3.0.23c:::::::*
cpe:2.3:a:samba:samba:3.0.23d:::::::*
cpe:2.3:a:samba:samba:3.0.24:::::::*
cpe:2.3:a:samba:samba:3.0.25:pre1::::::
cpe:2.3:a:samba:samba:3.0.25:pre2::::::
cpe:2.3:a:samba:samba:3.0.25:rc1::::::
cpe:2.3:a:samba:samba:3.0.25:rc2::::::
cpe:2.3:a:samba:samba:3.0.25:rc3::::::