FKIE_CVE-2007-0454
Vulnerability from fkie_nvd - Published: 2007-02-06 02:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3D40F682-9F2E-465F-98F7-23E1036C74A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9478CC84-802F-4960-ACAB-3700154E813F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BEA3806-E33A-49A6-99A4-095B4E543C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AA7D08FB-30B9-4E42-B831-21A0C095062C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "13E6C8A4-FA17-44EF-A447-C73108540B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "57D5EA00-CC2E-4E56-8297-A3C1CEDBBE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "50E05AD3-C7F0-421D-8C9B-604E553332E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3A53517C-F12D-4D74-A722-5AE23598CEC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF4A0A7-E176-4009-BAA2-E23B330D91A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*",
"matchCriteriaId": "42EB6115-CC45-4464-8400-D7E3A9402803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F002F105-A911-4E56-8630-C287DC527E05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*",
"matchCriteriaId": "D1936E19-9887-4E53-AA0C-738ABD4B97EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*",
"matchCriteriaId": "A2206C09-6A4B-4EC4-A206-E48EDF966913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "0B918306-8743-404D-A035-CC3997ADCC3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*",
"matchCriteriaId": "43684906-D3AA-40FB-A75D-ED65C1DC9BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*",
"matchCriteriaId": "62E39538-4811-49DB-97CF-1F018C58BAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*",
"matchCriteriaId": "C85D69FE-AF43-4B0E-A7A9-2D2C16426180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "86347948-C08F-4F02-89A0-4F4A55CD4BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*",
"matchCriteriaId": "54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
"matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
"matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
"matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
"matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
"matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*",
"matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*",
"matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*",
"matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*",
"matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*",
"matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*",
"matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*",
"matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "597094EC-D23F-4EC4-A140-96F287679124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "07EC6C5A-33C9-456A-A8C9-0DF67C76041E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7F55B87-1876-4855-9F62-9D6E2D295588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "2A0D5740-DD4E-408C-B70F-FD1E7626E1DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."
},
{
"lang": "es",
"value": "Una vulnerabilidad de cadena de formato en el m\u00f3dulo VFS afsacl.so en Samba versi\u00f3n 3.0.6 hasta 3.0.23d permite a los atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario por medio de especificadores de cadena de formato en un nombre de archivo sobre un sistema de archivos AFS, que no se maneja apropiadamente durante la asignaci\u00f3n ACL de Windows."
}
],
"id": "CVE-2007-0454",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-06T02:28:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/33101"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24021"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24046"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24060"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24067"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24101"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24145"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24151"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1017588"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
},
{
"source": "secalert@redhat.com",
"url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2007/dsa-1257"
},
{
"source": "secalert@redhat.com",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/649732"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22403"
},
{
"source": "secalert@redhat.com",
"url": "http://www.trustix.org/errata/2007/0007"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/usn-419-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0483"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.rpath.com/browse/RPL-1005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/649732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-419-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1005"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
"lastModified": "2007-05-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…