ID |
CVE-2007-2444
|
Summary |
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.2 (as of 16-10-2018 - 16:43) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 23974 | bugtraq | - 20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation
- 20070515 FLEA-2007-0017-1: samba
| confirm | | debian | DSA-1291 | gentoo | GLSA-200705-15 | hp | | mandriva | MDKSA-2007:104 | openpkg | OpenPKG-SA-2007.012 | osvdb | 34698 | sectrack | 1018049 | secunia | - 25232
- 25241
- 25246
- 25251
- 25255
- 25256
- 25259
- 25270
- 25289
- 25675
- 25772
| slackware | SSA:2007-134-01 | sreason | 2701 | sunalert | | suse | SUSE-SA:2007:031 | trustix | 2007-0017 | ubuntu | | vupen | - ADV-2007-1805
- ADV-2007-2210
- ADV-2007-2281
|
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2007-05-15 | organization | Red Hat | statement | Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
|
Last major update |
16-10-2018 - 16:43 |
Published |
14-05-2007 - 21:19 |
Last modified |
16-10-2018 - 16:43 |