CVE-2007-6015: Buffer Overflow
First published: Thu Dec 13 2007(Updated: )
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | =2.0.1 | |
| Samba | =2.0.2 | |
| Samba | =2.0.3 | |
| Samba | =2.0.4 | |
| Samba | =2.0.5 | |
| Samba | =2.0.6 | |
| Samba | =2.0.7 | |
| Samba | =2.0.8 | |
| Samba | =2.0.9 | |
| Samba | =2.0.10 | |
| Samba | =2.2.0 | |
| Samba | =2.2.0a | |
| Samba | =2.2.1a | |
| Samba | =2.2.2 | |
| Samba | =2.2.3 | |
| Samba | =2.2.3a | |
| Samba | =2.2.4 | |
| Samba | =2.2.5 | |
| Samba | =2.2.6 | |
| Samba | =2.2.7 | |
| Samba | =2.2.7a | |
| Samba | =2.2.8 | |
| Samba | =2.2.8a | |
| Samba | =2.2.9 | |
| Samba | =2.2.11 | |
| Samba | =2.2.12 | |
| Samba | =3.0.0 | |
| Samba | =3.0.1 | |
| Samba | =3.0.2 | |
| Samba | =3.0.2a | |
| Samba | =3.0.10 | |
| Samba | =3.0.11 | |
| Samba | =3.0.12 | |
| Samba | =3.0.13 | |
| Samba | =3.0.14 | |
| Samba | =3.0.14a | |
| Samba | =3.0.20 | |
| Samba | =3.0.20a | |
| Samba | =3.0.20b | |
| Samba | =3.0.21 | |
| Samba | =3.0.21a | |
| Samba | =3.0.21b | |
| Samba | =3.0.21c | |
| Samba | =3.0.22 | |
| Samba | =3.0.23a | |
| Samba | =3.0.23b | |
| Samba | =3.0.23c | |
| Samba | =3.0.23d | |
| Samba | =3.0.24 | |
| Samba | =3.0.25 | |
| Samba | =3.0.25-pre1 | |
| Samba | =3.0.25-pre2 | |
| Samba | =3.0.25-rc1 | |
| Samba | =3.0.25-rc2 | |
| Samba | =3.0.25-rc3 | |
| Samba | =3.0.25a | |
| Samba | =3.0.25b | |
| Samba | =3.0.25c | |
| Samba | =3.0.26 | |
| Samba | =3.0.26a | |
| Samba | =3.0.27 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.gentoo.org/show_bug.cgi?id=200773
- http://docs.info.apple.com/article.html?artnum=307430
- http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html
- http://lists.vmware.com/pipermail/security-announce/2008/000005.html
- http://marc.info/?l=bugtraq&m=120524782005154&w=2
- http://secunia.com/advisories/27760
- http://secunia.com/advisories/27894
- http://secunia.com/advisories/27977
- http://secunia.com/advisories/27993
- http://secunia.com/advisories/27999
- http://secunia.com/advisories/28003
- http://secunia.com/advisories/28028
- http://secunia.com/advisories/28029
- http://secunia.com/advisories/28037
- http://secunia.com/advisories/28067
- http://secunia.com/advisories/28089
- http://secunia.com/advisories/28891
- http://secunia.com/advisories/29032
- http://secunia.com/advisories/29341
- http://secunia.com/advisories/30484
- http://secunia.com/advisories/30835
- http://secunia.com/secunia_research/2007-99/advisory/
- http://security.gentoo.org/glsa/glsa-200712-10.xml
- http://securityreason.com/securityalert/3438
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238251-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1019295.1-1
- http://support.avaya.com/elmodocs2/security/ASA-2007-520.htm
- http://www.debian.org/security/2007/dsa-1427
- http://www.kb.cert.org/vuls/id/438395
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:244
- http://www.novell.com/linux/security/advisories/2007_68_samba.html
- http://www.redhat.com/support/errata/RHSA-2007-1114.html
- http://www.redhat.com/support/errata/RHSA-2007-1117.html
- http://www.samba.org/samba/security/CVE-2007-6015.html
- http://www.securityfocus.com/archive/1/484818/100/0/threaded
- http://www.securityfocus.com/archive/1/484825/100/0/threaded
- http://www.securityfocus.com/archive/1/484827/100/0/threaded
- http://www.securityfocus.com/archive/1/485144/100/0/threaded
- http://www.securityfocus.com/archive/1/488457/100/0/threaded
- http://www.securityfocus.com/bid/26791
- http://www.securitytracker.com/id?1019065
- http://www.ubuntu.com/usn/usn-556-1
- http://www.us-cert.gov/cas/techalerts/TA08-043B.html
- http://www.vupen.com/english/advisories/2007/4153
- http://www.vupen.com/english/advisories/2008/0495/references
- http://www.vupen.com/english/advisories/2008/0637
- http://www.vupen.com/english/advisories/2008/0859/references
- http://www.vupen.com/english/advisories/2008/1712/references
- http://www.vupen.com/english/advisories/2008/1908
- http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38965
- https://issues.rpath.com/browse/RPL-1976
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11572
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5605
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00304.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00308.html
Frequently Asked Questions
What is the severity of CVE-2007-6015?
CVE-2007-6015 is considered a critical vulnerability due to the potential for remote code execution.
How do I fix CVE-2007-6015?
To fix CVE-2007-6015, upgrade to a patched version of Samba that is not vulnerable, such as version 3.0.27 or later.
What versions of Samba are affected by CVE-2007-6015?
CVE-2007-6015 affects Samba versions from 3.0.0 to 3.0.27a when the 'domain logons' option is enabled.
What is the impact of CVE-2007-6015?
The impact of CVE-2007-6015 includes the ability for remote attackers to execute arbitrary code on vulnerable systems.
Is CVE-2007-6015 remotely exploitable?
Yes, CVE-2007-6015 is remotely exploitable, allowing attackers to target systems over a network.
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/event
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/samba
- canonical/samba
- version/samba/2.0.1
- version/samba/2.0.2
- version/samba/2.0.3
- version/samba/2.0.4
- version/samba/2.0.5
- version/samba/2.0.6
- version/samba/2.0.7
- version/samba/2.0.8
- version/samba/2.0.9
- version/samba/2.0.10
- version/samba/2.2.0
- version/samba/2.2.0a
- version/samba/2.2.1a
- version/samba/2.2.2
- version/samba/2.2.3
- version/samba/2.2.3a
- version/samba/2.2.4
- version/samba/2.2.5
- version/samba/2.2.6
- version/samba/2.2.7
- version/samba/2.2.7a
- version/samba/2.2.8
- version/samba/2.2.8a
- version/samba/2.2.9
- version/samba/2.2.11
- version/samba/2.2.12
- version/samba/3.0.0
- version/samba/3.0.1
- version/samba/3.0.2
- version/samba/3.0.2a
- version/samba/3.0.10
- version/samba/3.0.11
- version/samba/3.0.12
- version/samba/3.0.13
- version/samba/3.0.14
- version/samba/3.0.14a
- version/samba/3.0.20
- version/samba/3.0.20a
- version/samba/3.0.20b
- version/samba/3.0.21
- version/samba/3.0.21a
- version/samba/3.0.21b
- version/samba/3.0.21c
- version/samba/3.0.22
- version/samba/3.0.23a
- version/samba/3.0.23b
- version/samba/3.0.23c
- version/samba/3.0.23d
- version/samba/3.0.24
- version/samba/3.0.25
- version/samba/3.0.25-pre1
- version/samba/3.0.25-pre2
- version/samba/3.0.25-rc1
- version/samba/3.0.25-rc2
- version/samba/3.0.25-rc3
- version/samba/3.0.25a
- version/samba/3.0.25b
- version/samba/3.0.25c
- version/samba/3.0.26
- version/samba/3.0.26a
- version/samba/3.0.27