Search criteria

3 vulnerabilities found for mandrake_linuxsoft_2007 by mandrakesoft

FKIE_CVE-2007-0454

Vulnerability from fkie_nvd - Published: 2007-02-06 02:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
References
secalert@redhat.comhttp://osvdb.org/33101
secalert@redhat.comhttp://secunia.com/advisories/24021Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24046Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24060Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24067Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24101Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24145Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/24151Vendor Advisory
secalert@redhat.comhttp://securitytracker.com/id?1017588
secalert@redhat.comhttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
secalert@redhat.comhttp://us1.samba.org/samba/security/CVE-2007-0454.html
secalert@redhat.comhttp://www.debian.org/security/2007/dsa-1257
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
secalert@redhat.comhttp://www.kb.cert.org/vuls/id/649732US Government Resource
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:034
secalert@redhat.comhttp://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
secalert@redhat.comhttp://www.securityfocus.com/archive/1/459179/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/archive/1/459365/100/0/threaded
secalert@redhat.comhttp://www.securityfocus.com/bid/22403Patch
secalert@redhat.comhttp://www.trustix.org/errata/2007/0007
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-419-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/0483Vendor Advisory
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/32304
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-1005
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/33101
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24021Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24046Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24060Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24067Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24101Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24145Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24151Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017588
af854a3a-2127-422b-91ae-364da2661108http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
af854a3a-2127-422b-91ae-364da2661108http://us1.samba.org/samba/security/CVE-2007-0454.html
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1257
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/649732US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
af854a3a-2127-422b-91ae-364da2661108http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/459179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/459365/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/22403Patch
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2007/0007
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-419-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0483Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1005
Impacted products
Vendor Product Version
samba samba 3.0.6
samba samba 3.0.7
samba samba 3.0.8
samba samba 3.0.9
samba samba 3.0.10
samba samba 3.0.11
samba samba 3.0.12
samba samba 3.0.13
samba samba 3.0.14
samba samba 3.0.14a
samba samba 3.0.20
samba samba 3.0.20a
samba samba 3.0.20b
samba samba 3.0.21
samba samba 3.0.21a
samba samba 3.0.21b
samba samba 3.0.21c
samba samba 3.0.22
samba samba 3.0.23d
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
debian debian_linux 3.1
mandrakesoft mandrake_linux 2006
mandrakesoft mandrake_linux 2006
mandrakesoft mandrake_linux_corporate_server 3.0
mandrakesoft mandrake_linux_corporate_server 3.0
mandrakesoft mandrake_linux_corporate_server 4.0
mandrakesoft mandrake_linux_corporate_server 4.0
mandrakesoft mandrake_linuxsoft_2007 *
mandrakesoft mandrake_linuxsoft_2007 *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D40F682-9F2E-465F-98F7-23E1036C74A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9478CC84-802F-4960-ACAB-3700154E813F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BEA3806-E33A-49A6-99A4-095B4E543C43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA7D08FB-30B9-4E42-B831-21A0C095062C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "13E6C8A4-FA17-44EF-A447-C73108540B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D5EA00-CC2E-4E56-8297-A3C1CEDBBE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "50E05AD3-C7F0-421D-8C9B-604E553332E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A53517C-F12D-4D74-A722-5AE23598CEC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BF4A0A7-E176-4009-BAA2-E23B330D91A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EB6115-CC45-4464-8400-D7E3A9402803",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F002F105-A911-4E56-8630-C287DC527E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1936E19-9887-4E53-AA0C-738ABD4B97EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2206C09-6A4B-4EC4-A206-E48EDF966913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B918306-8743-404D-A035-CC3997ADCC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*",
              "matchCriteriaId": "43684906-D3AA-40FB-A75D-ED65C1DC9BB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E39538-4811-49DB-97CF-1F018C58BAE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85D69FE-AF43-4B0E-A7A9-2D2C16426180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "86347948-C08F-4F02-89A0-4F4A55CD4BA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*",
              "matchCriteriaId": "54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
              "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
              "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
              "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
              "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
              "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
              "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
              "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
              "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*",
              "matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*",
              "matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*",
              "matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*",
              "matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*",
              "matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*",
              "matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*",
              "matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*",
              "matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "597094EC-D23F-4EC4-A140-96F287679124",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "07EC6C5A-33C9-456A-A8C9-0DF67C76041E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F55B87-1876-4855-9F62-9D6E2D295588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "2A0D5740-DD4E-408C-B70F-FD1E7626E1DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cadena de formato en el m\u00f3dulo VFS afsacl.so en Samba versi\u00f3n 3.0.6 hasta 3.0.23d permite a los atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario por medio de especificadores de cadena de formato en un nombre de archivo sobre un sistema de archivos AFS, que no se maneja apropiadamente durante la asignaci\u00f3n ACL de Windows."
    }
  ],
  "id": "CVE-2007-0454",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-06T02:28:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/33101"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24021"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24046"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24060"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24067"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24101"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24145"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24151"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securitytracker.com/id?1017588"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2007/dsa-1257"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/649732"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22403"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.trustix.org/errata/2007/0007"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-419-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0483"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24151"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/649732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22403"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-419-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0483"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1005"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2007-05-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-134"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-0454 (GCVE-0-2007-0454)

Vulnerability from cvelistv5 – Published: 2007-02-06 02:00 – Updated: 2024-08-07 12:19
VLAI?
Summary
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.kb.cert.org/vuls/id/649732 third-party-advisoryx_refsource_CERT-VN
http://secunia.com/advisories/24046 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24101 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/459365/100… mailing-listx_refsource_BUGTRAQ
http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
http://www.openpkg.com/security/advisories/OpenPK… vendor-advisoryx_refsource_OPENPKG
http://securitytracker.com/id?1017588 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/24151 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0483 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/24021 third-party-advisoryx_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1005 x_refsource_CONFIRM
http://us1.samba.org/samba/security/CVE-2007-0454.html x_refsource_CONFIRM
http://secunia.com/advisories/24067 third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/33101 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/24145 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24060 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/459179/100… mailing-listx_refsource_BUGTRAQ
http://www.trustix.org/errata/2007/0007 vendor-advisoryx_refsource_TRUSTIX
http://www.ubuntu.com/usn/usn-419-1 vendor-advisoryx_refsource_UBUNTU
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/22403 vdb-entryx_refsource_BID
http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
http://www.debian.org/security/2007/dsa-1257 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:30.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#649732",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/649732"
          },
          {
            "name": "24046",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24046"
          },
          {
            "name": "24101",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24101"
          },
          {
            "name": "20070207 rPSA-2007-0026-1 samba samba-swat",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
          },
          {
            "name": "GLSA-200702-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
          },
          {
            "name": "OpenPKG-SA-2007.012",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
          },
          {
            "name": "1017588",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017588"
          },
          {
            "name": "24151",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24151"
          },
          {
            "name": "ADV-2007-0483",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0483"
          },
          {
            "name": "24021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24021"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
          },
          {
            "name": "24067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24067"
          },
          {
            "name": "33101",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33101"
          },
          {
            "name": "24145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24145"
          },
          {
            "name": "24060",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24060"
          },
          {
            "name": "MDKSA-2007:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
          },
          {
            "name": "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
          },
          {
            "name": "2007-0007",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0007"
          },
          {
            "name": "USN-419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-419-1"
          },
          {
            "name": "samba-afsacl-format-string(32304)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
          },
          {
            "name": "22403",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22403"
          },
          {
            "name": "SSA:2007-038-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
          },
          {
            "name": "DSA-1257",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1257"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "VU#649732",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/649732"
        },
        {
          "name": "24046",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24046"
        },
        {
          "name": "24101",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24101"
        },
        {
          "name": "20070207 rPSA-2007-0026-1 samba samba-swat",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
        },
        {
          "name": "GLSA-200702-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
        },
        {
          "name": "OpenPKG-SA-2007.012",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
        },
        {
          "name": "1017588",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017588"
        },
        {
          "name": "24151",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24151"
        },
        {
          "name": "ADV-2007-0483",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0483"
        },
        {
          "name": "24021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24021"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
        },
        {
          "name": "24067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24067"
        },
        {
          "name": "33101",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33101"
        },
        {
          "name": "24145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24145"
        },
        {
          "name": "24060",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24060"
        },
        {
          "name": "MDKSA-2007:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
        },
        {
          "name": "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
        },
        {
          "name": "2007-0007",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0007"
        },
        {
          "name": "USN-419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-419-1"
        },
        {
          "name": "samba-afsacl-format-string(32304)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
        },
        {
          "name": "22403",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22403"
        },
        {
          "name": "SSA:2007-038-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
        },
        {
          "name": "DSA-1257",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1257"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-0454",
    "datePublished": "2007-02-06T02:00:00",
    "dateReserved": "2007-01-23T00:00:00",
    "dateUpdated": "2024-08-07T12:19:30.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-0454 (GCVE-0-2007-0454)

Vulnerability from nvd – Published: 2007-02-06 02:00 – Updated: 2024-08-07 12:19
VLAI?
Summary
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.kb.cert.org/vuls/id/649732 third-party-advisoryx_refsource_CERT-VN
http://secunia.com/advisories/24046 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24101 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/459365/100… mailing-listx_refsource_BUGTRAQ
http://www.gentoo.org/security/en/glsa/glsa-20070… vendor-advisoryx_refsource_GENTOO
http://www.openpkg.com/security/advisories/OpenPK… vendor-advisoryx_refsource_OPENPKG
http://securitytracker.com/id?1017588 vdb-entryx_refsource_SECTRACK
http://secunia.com/advisories/24151 third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0483 vdb-entryx_refsource_VUPEN
http://secunia.com/advisories/24021 third-party-advisoryx_refsource_SECUNIA
https://issues.rpath.com/browse/RPL-1005 x_refsource_CONFIRM
http://us1.samba.org/samba/security/CVE-2007-0454.html x_refsource_CONFIRM
http://secunia.com/advisories/24067 third-party-advisoryx_refsource_SECUNIA
http://osvdb.org/33101 vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/24145 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/24060 third-party-advisoryx_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
http://www.securityfocus.com/archive/1/459179/100… mailing-listx_refsource_BUGTRAQ
http://www.trustix.org/errata/2007/0007 vendor-advisoryx_refsource_TRUSTIX
http://www.ubuntu.com/usn/usn-419-1 vendor-advisoryx_refsource_UBUNTU
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/22403 vdb-entryx_refsource_BID
http://slackware.com/security/viewer.php?l=slackw… vendor-advisoryx_refsource_SLACKWARE
http://www.debian.org/security/2007/dsa-1257 vendor-advisoryx_refsource_DEBIAN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:30.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#649732",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/649732"
          },
          {
            "name": "24046",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24046"
          },
          {
            "name": "24101",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24101"
          },
          {
            "name": "20070207 rPSA-2007-0026-1 samba samba-swat",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
          },
          {
            "name": "GLSA-200702-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
          },
          {
            "name": "OpenPKG-SA-2007.012",
            "tags": [
              "vendor-advisory",
              "x_refsource_OPENPKG",
              "x_transferred"
            ],
            "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
          },
          {
            "name": "1017588",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017588"
          },
          {
            "name": "24151",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24151"
          },
          {
            "name": "ADV-2007-0483",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0483"
          },
          {
            "name": "24021",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24021"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1005"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
          },
          {
            "name": "24067",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24067"
          },
          {
            "name": "33101",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33101"
          },
          {
            "name": "24145",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24145"
          },
          {
            "name": "24060",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24060"
          },
          {
            "name": "MDKSA-2007:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
          },
          {
            "name": "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
          },
          {
            "name": "2007-0007",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0007"
          },
          {
            "name": "USN-419-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-419-1"
          },
          {
            "name": "samba-afsacl-format-string(32304)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
          },
          {
            "name": "22403",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22403"
          },
          {
            "name": "SSA:2007-038-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
          },
          {
            "name": "DSA-1257",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1257"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "VU#649732",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/649732"
        },
        {
          "name": "24046",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24046"
        },
        {
          "name": "24101",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24101"
        },
        {
          "name": "20070207 rPSA-2007-0026-1 samba samba-swat",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
        },
        {
          "name": "GLSA-200702-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
        },
        {
          "name": "OpenPKG-SA-2007.012",
          "tags": [
            "vendor-advisory",
            "x_refsource_OPENPKG"
          ],
          "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
        },
        {
          "name": "1017588",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017588"
        },
        {
          "name": "24151",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24151"
        },
        {
          "name": "ADV-2007-0483",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0483"
        },
        {
          "name": "24021",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24021"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1005"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
        },
        {
          "name": "24067",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24067"
        },
        {
          "name": "33101",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33101"
        },
        {
          "name": "24145",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24145"
        },
        {
          "name": "24060",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24060"
        },
        {
          "name": "MDKSA-2007:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
        },
        {
          "name": "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
        },
        {
          "name": "2007-0007",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0007"
        },
        {
          "name": "USN-419-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-419-1"
        },
        {
          "name": "samba-afsacl-format-string(32304)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
        },
        {
          "name": "22403",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22403"
        },
        {
          "name": "SSA:2007-038-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
        },
        {
          "name": "DSA-1257",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1257"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-0454",
    "datePublished": "2007-02-06T02:00:00",
    "dateReserved": "2007-01-23T00:00:00",
    "dateUpdated": "2024-08-07T12:19:30.137Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}