Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

Published

2007-02-06T02:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-134

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samba	samba	3.0.6	Yes
Application	samba	samba	3.0.7	Yes
Application	samba	samba	3.0.8	Yes
Application	samba	samba	3.0.9	Yes
Application	samba	samba	3.0.10	Yes
Application	samba	samba	3.0.11	Yes
Application	samba	samba	3.0.12	Yes
Application	samba	samba	3.0.13	Yes
Application	samba	samba	3.0.14	Yes
Application	samba	samba	3.0.14a	Yes
Application	samba	samba	3.0.20	Yes
Application	samba	samba	3.0.20a	Yes
Application	samba	samba	3.0.20b	Yes
Application	samba	samba	3.0.21	Yes
Application	samba	samba	3.0.21a	Yes
Application	samba	samba	3.0.21b	Yes
Application	samba	samba	3.0.21c	Yes
Application	samba	samba	3.0.22	Yes
Application	samba	samba	3.0.23d	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.0	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	debian	debian_linux	3.1	Yes
Operating System	mandrakesoft	mandrake_linux	2006	Yes
Operating System	mandrakesoft	mandrake_linux	2006	Yes
Operating System	mandrakesoft	mandrake_linux_corporate_server	3.0	Yes
Operating System	mandrakesoft	mandrake_linux_corporate_server	3.0	Yes
Operating System	mandrakesoft	mandrake_linux_corporate_server	4.0	Yes
Operating System	mandrakesoft	mandrake_linux_corporate_server	4.0	Yes
Operating System	mandrakesoft	mandrake_linuxsoft_2007	*	Yes
Operating System	mandrakesoft	mandrake_linuxsoft_2007	*	Yes

References

http://osvdb.org/33101 ([email protected])
http://secunia.com/advisories/24021 Vendor Advisory ([email protected])
http://secunia.com/advisories/24046 Vendor Advisory ([email protected])
http://secunia.com/advisories/24060 Vendor Advisory ([email protected])
http://secunia.com/advisories/24067 Vendor Advisory ([email protected])
http://secunia.com/advisories/24101 Vendor Advisory ([email protected])
http://secunia.com/advisories/24145 Vendor Advisory ([email protected])
http://secunia.com/advisories/24151 Vendor Advisory ([email protected])
http://securitytracker.com/id?1017588 ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 ([email protected])
http://us1.samba.org/samba/security/CVE-2007-0454.html ([email protected])
http://www.debian.org/security/2007/dsa-1257 ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml ([email protected])
http://www.kb.cert.org/vuls/id/649732 US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 ([email protected])
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html ([email protected])
http://www.securityfocus.com/archive/1/459179/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/459365/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/22403 Patch ([email protected])
http://www.trustix.org/errata/2007/0007 ([email protected])
http://www.ubuntu.com/usn/usn-419-1 ([email protected])
http://www.vupen.com/english/advisories/2007/0483 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32304 ([email protected])
https://issues.rpath.com/browse/RPL-1005 ([email protected])
http://osvdb.org/33101 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24021 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24046 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24060 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24067 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24101 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24145 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/24151 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1017588 (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 (af854a3a-2127-422b-91ae-364da2661108)
http://us1.samba.org/samba/security/CVE-2007-0454.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2007/dsa-1257 (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/649732 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/459179/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/459365/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22403 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.trustix.org/errata/2007/0007 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-419-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0483 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32304 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1005 (af854a3a-2127-422b-91ae-364da2661108)