Vulnerability DatabaseCVE-2007-5398
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2007-5398
November 16, 2007
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request.
Related ResourcesĀ (54)
http://marc.info/?l=bugtraq&m=120524782005154&w=2
http://secunia.com/advisories/30484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5811
http://secunia.com/advisories/28136
http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml
http://www.redhat.com/support/errata/RHSA-2007-1017.html
http://www.vupen.com/english/advisories/2007/4238
https://issues.rpath.com/browse/RPL-1894
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657
http://secunia.com/advisories/27691
http://www.vupen.com/english/advisories/2008/1908
http://www.securityfocus.com/bid/26455
http://secunia.com/advisories/27742
http://www.redhat.com/support/errata/RHSA-2007-1013.html
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://secunia.com/advisories/30835
http://secunia.com/advisories/27450
https://security-tracker.debian.org/tracker/CVE-2007-5398
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html
http://secunia.com/advisories/27927
http://secunia.com/advisories/27682
http://www.redhat.com/support/errata/RHSA-2007-1016.html
http://secunia.com/advisories/27720
http://securitytracker.com/id?1018953
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://www.securityfocus.com/archive/1/486859/100/0/threaded
http://securityreason.com/securityalert/3372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10230
http://www.vupen.com/english/advisories/2008/0859/references
http://www.novell.com/linux/security/advisories/2007_65_samba.html
http://us1.samba.org/samba/security/CVE-2007-5398.html
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://secunia.com/advisories/28368
http://secunia.com/advisories/29341
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1
http://secunia.com/advisories/27731
http://www.securityfocus.com/archive/1/485936/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2007:224
http://www.vupen.com/english/advisories/2008/1712/references
http://docs.info.apple.com/article.html?artnum=307179
http://secunia.com/secunia_research/2007-90/advisory/
http://secunia.com/advisories/27701
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vupen.com/english/advisories/2007/3869
https://people.canonical.com/~ubuntu-security/cve/CVE-2007-5398
https://usn.ubuntu.com/544-1/
http://www.securityfocus.com/archive/1/483744/100/0/threaded
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739
http://www.vupen.com/english/advisories/2008/0064
http://www.debian.org/security/2007/dsa-1409
https://access.redhat.com/security/cve/CVE-2007-5398
http://secunia.com/advisories/27787
https://exchange.xforce.ibmcloud.com/vulnerabilities/38502
http://secunia.com/advisories/27679
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
9.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119
EPSS
Base Score:
40.72