Home > Vulnerability Database > CVE-2007-4572

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-4572

Date: November 16, 2007

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests.

Severity Score

8.1

Related Resources (55)

Url: http://www.debian.org/security/2007/dsa-1409

Url: http://secunia.com/advisories/29341

Url: https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html

Url: http://secunia.com/advisories/27682

Url: http://www.vupen.com/english/advisories/2008/1712/references

Url: http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml

Url: http://www.vupen.com/english/advisories/2008/1908

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1

Url: https://security-tracker.debian.org/tracker/CVE-2007-4572

Url: http://secunia.com/advisories/30736

Url: http://secunia.com/advisories/27679

Url: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Url: http://www.securityfocus.com/archive/1/485936/100/0/threaded

Url: http://secunia.com/advisories/28368

Url: http://www.vupen.com/english/advisories/2008/0064

Url: http://www.vmware.com/security/advisories/VMSA-2008-0001.html

Url: http://www.redhat.com/support/errata/RHSA-2007-1017.html

Url: http://secunia.com/advisories/30484

Url: http://secunia.com/advisories/27450

Url: http://secunia.com/advisories/27691

Url: http://lists.vmware.com/pipermail/security-announce/2008/000002.html

Url: http://docs.info.apple.com/article.html?artnum=307179

Url: https://issues.rpath.com/browse/RPL-1894

Url: http://www.vupen.com/english/advisories/2008/0859/references

Url: https://access.redhat.com/security/cve/CVE-2007-4572

Url: http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Url: http://marc.info/?l=bugtraq&m=120524782005154&w=2

Url: http://secunia.com/advisories/27927

Url: http://www.vupen.com/english/advisories/2007/3869

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-4572

Url: http://secunia.com/advisories/28136

Url: http://secunia.com/advisories/27720

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11132

Url: http://www.securityfocus.com/bid/26454

Url: http://www.ubuntu.com/usn/usn-544-2

Url: http://us1.samba.org/samba/security/CVE-2007-4572.html

Url: http://www.vupen.com/english/advisories/2007/4238

Url: http://securitytracker.com/id?1018954

Url: https://usn.ubuntu.com/544-1/

Url: http://secunia.com/advisories/30835

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4572

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/38501

Url: http://secunia.com/advisories/27731

Url: http://www.ubuntu.com/usn/usn-617-1

Url: http://www.securityfocus.com/archive/1/486859/100/0/threaded

Url: http://www.novell.com/linux/security/advisories/2007_65_samba.html

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:224

Url: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5643

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739

Url: http://www.redhat.com/support/errata/RHSA-2007-1013.html

Url: http://www.redhat.com/support/errata/RHSA-2007-1016.html

Url: http://secunia.com/advisories/27701

Url: http://secunia.com/advisories/27787

Url: https://www.mend.io/vulnerability-database/CVE-2007-4572

Severity Score

8.1

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us