CVE-2007-6015

Samba <3.0.27a - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

Exploits (1)

exploitdb WORKING POC VERIFIED

by x86 · cdoslinux

https://www.exploit-db.com/exploits/4732

View Code ZIP pw:eip

References (57)

[Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=200773

[Vendor Advisory] http://docs.info.apple.com/article.html?artnum=307430

[Mailing List] http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html

[Various Sources] http://lists.vmware.com/pipermail/security-announce/2008/000005.html

[Mailing List] http://marc.info/?l=bugtraq&m=120524782005154&w=2

[Vendor Advisory] http://secunia.com/advisories/27760

[Vendor Advisory] http://secunia.com/secunia_research/2007-99/advisory/

[Vendor Advisory] http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm

[US Government Resource] http://www.kb.cert.org/vuls/id/438395

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2007:244

[Patch] http://www.redhat.com/support/errata/RHSA-2007-1114.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2007-1117.html

[Patch] http://www.samba.org/samba/security/CVE-2007-6015.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019065

[Vendor Advisory] http://www.ubuntu.com/usn/usn-556-1

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA08-043B.html

[Various Sources] http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

... and 37 more

Scores

EPSS 0.4886

EPSS Percentile 97.8%

Details

CWE

CWE-119

Status published

Products (50)

samba/samba 2.0.1

samba/samba 2.0.2

samba/samba 2.0.3

samba/samba 2.0.4

samba/samba 2.0.5

samba/samba 2.0.6

samba/samba 2.0.7

samba/samba 2.0.8

samba/samba 2.0.9

samba/samba 2.0.10

... and 40 more

Published Dec 13, 2007

Tracked Since Feb 18, 2026