What is the severity of CVE-2007-5398?

CVE-2007-5398 has been assigned a medium severity rating due to its potential to allow remote code execution.

How do I fix CVE-2007-5398?

To fix CVE-2007-5398, update your Samba installation to version 3.0.26b or higher.

What software is affected by CVE-2007-5398?

CVE-2007-5398 affects Samba versions from 3.0.0 through 3.0.26a when configured as a WINS server.

What type of vulnerability is CVE-2007-5398?

CVE-2007-5398 is classified as a stack-based buffer overflow vulnerability.

Can attackers exploit CVE-2007-5398 remotely?

Yes, attackers can exploit CVE-2007-5398 remotely through crafted WINS Name Registration requests.

Vulnerability/
CVE-2007-5398

critical

9.3

CWE

119

16/11/2007

7/8/2024

CVE-2007-5398: Buffer Overflow

First published: Fri Nov 16 2007(Updated: )

Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.

Credit: PSIRT-CNA@flexerasoftware.com

Affected Software	Affected Version	How to fix
Samba	=3.0.0
Samba	=3.0.1
Samba	=3.0.2
Samba	=3.0.2a
Samba	=3.0.3
Samba	=3.0.4
Samba	=3.0.4-rc1
Samba	=3.0.5
Samba	=3.0.6
Samba	=3.0.7
Samba	=3.0.8
Samba	=3.0.9
Samba	=3.0.10
Samba	=3.0.11
Samba	=3.0.12
Samba	=3.0.13
Samba	=3.0.14
Samba	=3.0.14a
Samba	=3.0.15
Samba	=3.0.16
Samba	=3.0.17
Samba	=3.0.18
Samba	=3.0.19
Samba	=3.0.20
Samba	=3.0.20a
Samba	=3.0.20b
Samba	=3.0.21
Samba	=3.0.21a
Samba	=3.0.21b
Samba	=3.0.21c
Samba	=3.0.22
Samba	=3.0.23
Samba	=3.0.23a
Samba	=3.0.23b
Samba	=3.0.23c
Samba	=3.0.23d
Samba	=3.0.24
Samba	=3.0.25
Samba	=3.0.25-pre1
Samba	=3.0.25-pre2
Samba	=3.0.25-rc1
Samba	=3.0.25-rc2
Samba	=3.0.25-rc3
Samba	=3.0.25a
Samba	=3.0.25b
Samba	=3.0.25c
Samba	=3.0.26
Samba	=3.0.26a

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-5398?
CVE-2007-5398 has been assigned a medium severity rating due to its potential to allow remote code execution.
How do I fix CVE-2007-5398?
To fix CVE-2007-5398, update your Samba installation to version 3.0.26b or higher.
What software is affected by CVE-2007-5398?
CVE-2007-5398 affects Samba versions from 3.0.0 through 3.0.26a when configured as a WINS server.
What type of vulnerability is CVE-2007-5398?
CVE-2007-5398 is classified as a stack-based buffer overflow vulnerability.
Can attackers exploit CVE-2007-5398 remotely?
Yes, attackers can exploit CVE-2007-5398 remotely through crafted WINS Name Registration requests.

agent/softwarecombine
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/references
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/samba
canonical/samba
version/samba/3.0.0
version/samba/3.0.1
version/samba/3.0.2
version/samba/3.0.2a
version/samba/3.0.3
version/samba/3.0.4
version/samba/3.0.4-rc1
version/samba/3.0.5
version/samba/3.0.6
version/samba/3.0.7
version/samba/3.0.8
version/samba/3.0.9
version/samba/3.0.10
version/samba/3.0.11
version/samba/3.0.12
version/samba/3.0.13
version/samba/3.0.14
version/samba/3.0.14a
version/samba/3.0.15
version/samba/3.0.16
version/samba/3.0.17
version/samba/3.0.18
version/samba/3.0.19
version/samba/3.0.20
version/samba/3.0.20a
version/samba/3.0.20b
version/samba/3.0.21
version/samba/3.0.21a
version/samba/3.0.21b
version/samba/3.0.21c
version/samba/3.0.22
version/samba/3.0.23
version/samba/3.0.23a
version/samba/3.0.23b
version/samba/3.0.23c
version/samba/3.0.23d
version/samba/3.0.24
version/samba/3.0.25
version/samba/3.0.25-pre1
version/samba/3.0.25-pre2
version/samba/3.0.25-rc1
version/samba/3.0.25-rc2
version/samba/3.0.25-rc3
version/samba/3.0.25a
version/samba/3.0.25b
version/samba/3.0.25c
version/samba/3.0.26
version/samba/3.0.26a