CVE-2007-2444 - Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 al

CVE-2007-2444

Summary

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

References

Vulnerable Configurations

cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 16-10-2018 - 16:43)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23974
bugtraq	20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation 20070515 FLEA-2007-0017-1: samba
confirm	http://www.samba.org/samba/security/CVE-2007-2444.html https://issues.rpath.com/browse/RPL-1366
debian	DSA-1291
gentoo	GLSA-200705-15
hp	HPSBTU02218 SSRT071424
mandriva	MDKSA-2007:104
openpkg	OpenPKG-SA-2007.012
osvdb	34698
sectrack	1018049
secunia	25232 25241 25246 25251 25255 25256 25259 25270 25289 25675 25772
slackware	SSA:2007-134-01
sreason	2701
sunalert	102964 200588
suse	SUSE-SA:2007:031
trustix	2007-0017
ubuntu	USN-460-1 USN-460-2
vupen	ADV-2007-1805 ADV-2007-2210 ADV-2007-2281

statements via4

contributor	Mark J Cox
lastmodified	2007-05-15
organization	Red Hat
statement	Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

16-10-2018 - 16:43

Published

14-05-2007 - 21:19