CVE-2007-4572

Samba 3.0.0-3.0.26a - Stack-Based Buffer Overflow via GETDC Mailslot Requests


Description

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

References (50)

Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-544-2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27691
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1016.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/544-1/
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018954
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=120524782005154&w=2
Vendor Advisory x_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307179
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4238
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30835
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29341
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28136
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30736
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3869
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27679
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27682
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27701
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1013.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1908
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38501
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27720
Various Sources vendor-advisory x_refsource_hp
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30484
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485936/100/0/threaded
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1409
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27450
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27731
Various Sources mailing-list x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11132
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2007:224
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27787
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5643
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28368
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1894
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26454
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-617-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27927
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1712/references
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0859/references
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2007-1017.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0064
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2007_65_samba.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486859/100/0/threaded

Scores

EPSS 0.2148
EPSS Percentile 95.8%

Details

CWE CWE-119
Status published
Products (42)
samba/samba 3.0.0
samba/samba 3.0.1
samba/samba 3.0.2
samba/samba 3.0.2a
samba/samba 3.0.3
samba/samba 3.0.4 (2 CPE variants)
samba/samba 3.0.5
samba/samba 3.0.6
samba/samba 3.0.7
samba/samba 3.0.8
... and 32 more
Published Nov 16, 2007
Tracked Since Feb 18, 2026