Credit:
The information has been provided by ZDI-07-029, ZDI-07-030, ZDI-07-031, ZDI-07-032, ZDI-07-033.
The original articles can be found at:
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
Affected Products:
* Samba 3.0.0 - 3.0.25rc3
Samba lsa_io_privilege_set Heap Overflow Vulnerability
The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarAddPrivilegesToAccount, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability
The specific flaw exists in the parsing of RPC requests to the DFS RPC interface. When parsing a request to DFSEnum, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
Samba smb_io_notify_option_type_data Heap Overflow Vulnerability
The specific flaw exists in the parsing of RPC requests to the SPOOLSS RPC interface. When parsing a request to RFNPCNEX, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
Samba sec_io_acl Heap Overflow Vulnerability
The specific flaw exists in the parsing of RPC requests to the SRVSVC RPC interface. When parsing a request to NetSetFileSecurity, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
Samba lsa_io_trans_names Heap Overflow Vulnerability
The specific flaw exists in the parsing of RPC requests to the LSA RPC interface. When parsing a request to LsarLookupSids/LsarLookupSids2, heap allocation is calculated based on user input. By specifying invalid values, heap blocks can be overwritten leading to remote code execution.
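All five flaws share one pattern: a count taken from the request drives a heap allocation. The following added example (not Samba's code and not from the advisories) shows a defensive parser for an assumed simplified wire format, a 32-bit little-endian count followed by that many 8-byte entries. The names parse_entry_set, entry_set, ENTRY_SIZE and MAX_ENTRIES are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ENTRY_SIZE  8u     /* assumed fixed wire size of one entry */
#define MAX_ENTRIES 1024u  /* assumed policy cap, independent of the request */

struct entry_set {         /* hypothetical parsed result */
    uint32_t count;
    uint8_t (*entries)[ENTRY_SIZE];
};

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse "count || count * ENTRY_SIZE bytes". Returns 0 on success, -1 if malformed. */
int parse_entry_set(const uint8_t *buf, size_t len, struct entry_set *out)
{
    uint32_t count;
    size_t need;

    out->count = 0;
    out->entries = NULL;
    if (len < 4) return -1;                    /* no room for the count field */
    count = rd_le32(buf);
    if (count > MAX_ENTRIES) return -1;        /* reject before any arithmetic */
    need = (size_t)count * ENTRY_SIZE;         /* cannot wrap: count is capped */
    if (need > len - 4) return -1;             /* count must match bytes present */
    if (count == 0) return 0;
    out->entries = calloc(count, ENTRY_SIZE);  /* allocation sized from checked count */
    if (out->entries == NULL) return -1;
    memcpy(out->entries, buf + 4, need);       /* copy length equals allocation size */
    out->count = count;
    return 0;
}

int main(void)
{
    /* Constructed request: count claims 0x10000000 entries, only 8 bytes follow. */
    const uint8_t req[] = {0, 0, 0, 0x10, 1, 2, 3, 4, 5, 6, 7, 8};
    struct entry_set s;
    printf("parse -> %d\n", parse_entry_set(req, sizeof req, &s));
    return 0;
}
```

The allocation size and the copy length both come from the same validated count, and the count is checked against the bytes actually received before memory is touched.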
CVE Information:
CVE-2007-2446
Vendor Status:
Samba has issued an update to correct this vulnerability. More details can be found at:
http://us1.samba.org/samba/security/CVE-2007-2446.html
Disclosure Timeline:
* 2007.04.25 - Vulnerability reported to vendor
* 2007.05.02 - Digital Vaccine released to TippingPoint customers
* 2007.05.15 - Coordinated public release of advisory