Exploitation Summary
EIP tracks 9 public exploits for CVE-2007-2446.
PoCs published by Metasploit, Adriano Lima, hdm, including Metasploit module auxiliary/dos/samba/lsa_transnames_heap.
AI-analyzed exploit summary: This is a Metasploit module exploiting a heap overflow in Samba's LSA RPC service (CVE-2007-2446). It uses the TALLOC chunk overwrite method to achieve remote code execution on vulnerable Samba versions (3.0.21-3.0.24).
Description
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Exploits (9)
This is a Metasploit module exploiting a heap overflow in Samba's LSA RPC service (CVE-2007-2446). It uses the TALLOC chunk overwrite method to achieve remote code execution on vulnerable Samba versions (3.0.21-3.0.24).
This exploit triggers a heap overflow in the LSA RPC service of Samba versions 3.0.21-3.0.24 by overwriting TALLOC chunks, leading to remote code execution. It uses a brute-force approach to target specific memory addresses on Solaris systems.
This Metasploit module exploits a heap overflow in Samba's LSA RPC service (CVE-2007-2446) by manipulating the `szone_free()` function to overwrite memory structures, leading to arbitrary code execution on vulnerable Mac OS X systems running Samba 3.0.10.
This Metasploit module exploits a heap overflow in Samba's LSA RPC service (CVE-2007-2446) via the TALLOC chunk overwrite method, targeting specific Linux distributions with brute-force return address guessing.
This Metasploit module exploits a heap overflow vulnerability in the LSA RPC service of Samba (CVE-2007-2446) by sending a maliciously crafted DCERPC request to trigger a denial-of-service (DoS) condition. The exploit targets the `LsarLookupSids` function with an oversized buffer to crash the service.
This Metasploit module exploits a heap overflow in the LSA RPC service of Samba (CVE-2007-2446) by sending a malformed DCERPC request to trigger a denial-of-service (DoS) condition. The exploit targets the `LsarAddPrivilegesToAccount` function with a crafted stub to overflow the heap.
This Metasploit module exploits a heap overflow in Samba's LSA RPC service (CVE-2007-2446) via a TALLOC chunk overwrite, targeting Samba versions 3.0.21-3.0.24 on Solaris. It uses brute-force return address targeting to achieve remote code execution.
This Metasploit module exploits a heap overflow in Samba's LSA RPC service (CVE-2007-2446) using the TALLOC chunk overwrite method, targeting specific Linux distributions and versions (3.0.21-3.0.24). It includes brute-force techniques for various memory layouts and architectures.
This Metasploit module exploits a heap overflow in Samba's LSA RPC service (CVE-2007-2446) by manipulating the `szone_free()` function to overwrite memory structures, leading to arbitrary code execution on macOS systems running Samba 3.0.10.