CVE-2007-0454 - Vulnerability Details

Vendors	Products
Debian	Debian Linux
Mandrakesoft	Mandrake Linux Mandrake Linux Corporate Server Mandrake Linuxsoft 2007
Samba	Samba

Link	Providers
http://osvdb.org/33101
http://secunia.com/advisories/24021
http://secunia.com/advisories/24046
http://secunia.com/advisories/24060
http://secunia.com/advisories/24067
http://secunia.com/advisories/24101
http://secunia.com/advisories/24145
http://secunia.com/advisories/24151
http://securitytracker.com/id?1017588
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
http://us1.samba.org/samba/security/CVE-2007-0454.html
http://www.debian.org/security/2007/dsa-1257
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
http://www.kb.cert.org/vuls/id/649732
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
http://www.securityfocus.com/archive/1/459179/100/0/threaded
http://www.securityfocus.com/archive/1/459365/100/0/threaded
http://www.securityfocus.com/bid/22403
http://www.trustix.org/errata/2007/0007
http://www.ubuntu.com/usn/usn-419-1
http://www.vupen.com/english/advisories/2007/0483
https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
https://issues.rpath.com/browse/RPL-1005

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "VU#649732", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/649732"}, {"name": "24046", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24046"}, {"name": "24101", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24101"}, {"name": "20070207 rPSA-2007-0026-1 samba samba-swat", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"}, {"name": "GLSA-200702-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"}, {"name": "OpenPKG-SA-2007.012", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"}, {"name": "1017588", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017588"}, {"name": "24151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24151"}, {"name": "ADV-2007-0483", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0483"}, {"name": "24021", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24021"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1005"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"}, {"name": "24067", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24067"}, {"name": "33101", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33101"}, {"name": "24145", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24145"}, {"name": "24060", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24060"}, {"name": "MDKSA-2007:034", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"}, {"name": "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"}, {"name": "2007-0007", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0007"}, {"name": "USN-419-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-419-1"}, {"name": "samba-afsacl-format-string(32304)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"}, {"name": "22403", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22403"}, {"name": "SSA:2007-038-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916"}, {"name": "DSA-1257", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1257"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:19:30.137Z"}, "title": "CVE Program Container", "references": [{"name": "VU#649732", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/649732"}, {"name": "24046", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24046"}, {"name": "24101", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24101"}, {"name": "20070207 rPSA-2007-0026-1 samba samba-swat", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"}, {"name": "GLSA-200702-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"}, {"name": "OpenPKG-SA-2007.012", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"}, {"name": "1017588", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017588"}, {"name": "24151", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24151"}, {"name": "ADV-2007-0483", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0483"}, {"name": "24021", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24021"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1005"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"}, {"name": "24067", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24067"}, {"name": "33101", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33101"}, {"name": "24145", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24145"}, {"name": "24060", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24060"}, {"name": "MDKSA-2007:034", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"}, {"name": "20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"}, {"name": "2007-0007", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0007"}, {"name": "USN-419-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-419-1"}, {"name": "samba-afsacl-format-string(32304)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"}, {"name": "22403", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22403"}, {"name": "SSA:2007-038-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916"}, {"name": "DSA-1257", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2007/dsa-1257"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-0454", "datePublished": "2007-02-06T02:00:00", "dateReserved": "2007-01-23T00:00:00", "dateUpdated": "2024-08-07T12:19:30.137Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2007-02-05T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2018-10-16T14:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : VU#649732 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

]

url : http://www.kb.cert.org/vuls/id/649732 (string)

}

1 : { »

name : 24046 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/24046 (string)

}

2 : { »

name : 24101 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/24101 (string)

}

3 : { »

name : 20070207 rPSA-2007-0026-1 samba samba-swat (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/459365/100/0/threaded (string)

}

4 : { »

name : GLSA-200702-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml (string)

}

5 : { »

name : OpenPKG-SA-2007.012 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_OPENPKG (string)

]

url : http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html (string)

}

6 : { »

name : 1017588 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://securitytracker.com/id?1017588 (string)

}

7 : { »

name : 24151 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/24151 (string)

}

8 : { »

name : ADV-2007-0483 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

]

url : http://www.vupen.com/english/advisories/2007/0483 (string)

}

9 : { »

name : 24021 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/24021 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://issues.rpath.com/browse/RPL-1005 (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://us1.samba.org/samba/security/CVE-2007-0454.html (string)

}

12 : { »

name : 24067 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/24067 (string)

}

13 : { »

name : 33101 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/33101 (string)

}

14 : { »

name : 24145 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/24145 (string)

}

15 : { »

name : 24060 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/24060 (string)

}

16 : { »

name : MDKSA-2007:034 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 (string)

}

17 : { »

name : 20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

]

url : http://www.securityfocus.com/archive/1/459179/100/0/threaded (string)

}

18 : { »

name : 2007-0007 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_TRUSTIX (string)

]

url : http://www.trustix.org/errata/2007/0007 (string)

}

19 : { »

name : USN-419-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/usn-419-1 (string)

}

20 : { »

name : samba-afsacl-format-string(32304) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/32304 (string)

}

21 : { »

name : 22403 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/22403 (string)

}

22 : { »

name : SSA:2007-038-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SLACKWARE (string)

]

url : http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 (string)

}

23 : { »

name : DSA-1257 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2007/dsa-1257 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-07T12:19:30.137Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : VU#649732 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_CERT-VN (string)

2 : x_transferred (string)

]

url : http://www.kb.cert.org/vuls/id/649732 (string)

}

1 : { »

name : 24046 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/24046 (string)

}

2 : { »

name : 24101 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/24101 (string)

}

3 : { »

name : 20070207 rPSA-2007-0026-1 samba samba-swat (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/459365/100/0/threaded (string)

}

4 : { »

name : GLSA-200702-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_GENTOO (string)

2 : x_transferred (string)

]

url : http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml (string)

}

5 : { »

name : OpenPKG-SA-2007.012 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_OPENPKG (string)

2 : x_transferred (string)

]

url : http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html (string)

}

6 : { »

name : 1017588 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://securitytracker.com/id?1017588 (string)

}

7 : { »

name : 24151 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/24151 (string)

}

8 : { »

name : ADV-2007-0483 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_VUPEN (string)

2 : x_transferred (string)

]

url : http://www.vupen.com/english/advisories/2007/0483 (string)

}

9 : { »

name : 24021 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/24021 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://issues.rpath.com/browse/RPL-1005 (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://us1.samba.org/samba/security/CVE-2007-0454.html (string)

}

12 : { »

name : 24067 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/24067 (string)

}

13 : { »

name : 33101 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/33101 (string)

}

14 : { »

name : 24145 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/24145 (string)

}

15 : { »

name : 24060 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/24060 (string)

}

16 : { »

name : MDKSA-2007:034 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 (string)

}

17 : { »

name : 20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_BUGTRAQ (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/459179/100/0/threaded (string)

}

18 : { »

name : 2007-0007 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_TRUSTIX (string)

2 : x_transferred (string)

]

url : http://www.trustix.org/errata/2007/0007 (string)

}

19 : { »

name : USN-419-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/usn-419-1 (string)

}

20 : { »

name : samba-afsacl-format-string(32304) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/32304 (string)

}

21 : { »

name : 22403 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/22403 (string)

}

22 : { »

name : SSA:2007-038-01 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SLACKWARE (string)

2 : x_transferred (string)

]

url : http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 (string)

}

23 : { »

name : DSA-1257 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2007/dsa-1257 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2007-0454 (string)

datePublished : 2007-02-06T02:00:00 (string)

dateReserved : 2007-01-23T00:00:00 (string)

dateUpdated : 2024-08-07T12:19:30.137Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "3D40F682-9F2E-465F-98F7-23E1036C74A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "9478CC84-802F-4960-ACAB-3700154E813F", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "5BEA3806-E33A-49A6-99A4-095B4E543C43", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "AA7D08FB-30B9-4E42-B831-21A0C095062C", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "13E6C8A4-FA17-44EF-A447-C73108540B59", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "57D5EA00-CC2E-4E56-8297-A3C1CEDBBE06", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "50E05AD3-C7F0-421D-8C9B-604E553332E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "3A53517C-F12D-4D74-A722-5AE23598CEC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "2BF4A0A7-E176-4009-BAA2-E23B330D91A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*", "matchCriteriaId": "42EB6115-CC45-4464-8400-D7E3A9402803", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "F002F105-A911-4E56-8630-C287DC527E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*", "matchCriteriaId": "D1936E19-9887-4E53-AA0C-738ABD4B97EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*", "matchCriteriaId": "A2206C09-6A4B-4EC4-A206-E48EDF966913", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "0B918306-8743-404D-A035-CC3997ADCC3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*", "matchCriteriaId": "43684906-D3AA-40FB-A75D-ED65C1DC9BB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*", "matchCriteriaId": "62E39538-4811-49DB-97CF-1F018C58BAE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*", "matchCriteriaId": "C85D69FE-AF43-4B0E-A7A9-2D2C16426180", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "86347948-C08F-4F02-89A0-4F4A55CD4BA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*", "matchCriteriaId": "54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*", "matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*", "matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*", "matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*", "matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*", "matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*", "matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*", "matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*", "matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*", "matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*", "matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*", "matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*", "matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*", "matchCriteriaId": "597094EC-D23F-4EC4-A140-96F287679124", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*", "matchCriteriaId": "07EC6C5A-33C9-456A-A8C9-0DF67C76041E", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "94F65351-C2DA-41C0-A3F9-1AE951E4386E", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*", "matchCriteriaId": "1B795F9F-AFB3-4A2A-ABC6-9246906800DE", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7F55B87-1876-4855-9F62-9D6E2D295588", "vulnerable": true}, {"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*:*:*:*:*", "matchCriteriaId": "2A0D5740-DD4E-408C-B70F-FD1E7626E1DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping."}, {"lang": "es", "value": "Una vulnerabilidad de cadena de formato en el m\u00f3dulo VFS afsacl.so en Samba versi\u00f3n 3.0.6 hasta 3.0.23d permite a los atacantes dependiendo del contexto ejecutar c\u00f3digo arbitrario por medio de especificadores de cadena de formato en un nombre de archivo sobre un sistema de archivos AFS, que no se maneja apropiadamente durante la asignaci\u00f3n ACL de Windows."}], "id": "CVE-2007-0454", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-06T02:28:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/33101"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24021"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24046"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24060"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24067"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24101"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24145"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24151"}, {"source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1017588"}, {"source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916"}, {"source": "secalert@redhat.com", "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1257"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"}, {"source": "secalert@redhat.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/649732"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"}, {"source": "secalert@redhat.com", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22403"}, {"source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2007/0007"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-419-1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0483"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1005"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24046"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24101"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24145"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://us1.samba.org/samba/security/CVE-2007-0454.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2007/dsa-1257"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/649732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459179/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/459365/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-419-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/0483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1005"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-05-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 3D40F682-9F2E-465F-98F7-23E1036C74A2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:* (string)

matchCriteriaId : 9478CC84-802F-4960-ACAB-3700154E813F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:* (string)

matchCriteriaId : 5BEA3806-E33A-49A6-99A4-095B4E543C43 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:* (string)

matchCriteriaId : AA7D08FB-30B9-4E42-B831-21A0C095062C (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 13E6C8A4-FA17-44EF-A447-C73108540B59 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:* (string)

matchCriteriaId : 57D5EA00-CC2E-4E56-8297-A3C1CEDBBE06 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:* (string)

matchCriteriaId : 50E05AD3-C7F0-421D-8C9B-604E553332E2 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:* (string)

matchCriteriaId : 3A53517C-F12D-4D74-A722-5AE23598CEC4 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:* (string)

matchCriteriaId : 2BF4A0A7-E176-4009-BAA2-E23B330D91A6 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:* (string)

matchCriteriaId : 42EB6115-CC45-4464-8400-D7E3A9402803 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:* (string)

matchCriteriaId : F002F105-A911-4E56-8630-C287DC527E05 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:* (string)

matchCriteriaId : D1936E19-9887-4E53-AA0C-738ABD4B97EE (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:* (string)

matchCriteriaId : A2206C09-6A4B-4EC4-A206-E48EDF966913 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B918306-8743-404D-A035-CC3997ADCC3C (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:* (string)

matchCriteriaId : 43684906-D3AA-40FB-A75D-ED65C1DC9BB4 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:* (string)

matchCriteriaId : 62E39538-4811-49DB-97CF-1F018C58BAE4 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:* (string)

matchCriteriaId : C85D69FE-AF43-4B0E-A7A9-2D2C16426180 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:* (string)

matchCriteriaId : 86347948-C08F-4F02-89A0-4F4A55CD4BA7 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:* (string)

matchCriteriaId : 54FE8D2E-AF0D-4C84-A5BC-2CE6759B534C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2CAE037F-111C-4A76-8FFE-716B74D65EF3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:* (string)

matchCriteriaId : A6B060E4-B5A6-4469-828E-211C52542547 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:* (string)

matchCriteriaId : 974C3541-990C-4CD4-A05A-38FA74A84632 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:* (string)

matchCriteriaId : 6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:* (string)

matchCriteriaId : 58792F77-B06F-4780-BA25-FE1EE6C3FDD9 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:* (string)

matchCriteriaId : C9419322-572F-4BB6-8416-C5E96541CF33 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:* (string)

matchCriteriaId : BFC50555-C084-46A3-9C9F-949C5E3BB448 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:* (string)

matchCriteriaId : 9C25D6E1-D283-4CEA-B47B-60C47A5C0797 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:* (string)

matchCriteriaId : AD18A446-C634-417E-86AC-B19B6DDDC856 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:* (string)

matchCriteriaId : E4BB852E-61B2-4842-989F-C6C0C901A8D7 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:* (string)

matchCriteriaId : 24DD9D59-E2A2-4116-A887-39E8CC2004FC (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:* (string)

matchCriteriaId : F28D7457-607E-4E0C-909A-413F91CFCD82 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:* (string)

matchCriteriaId : 5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:* (string)

matchCriteriaId : AF8AE8C4-810F-41AB-A251-5A2D4DD6884D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:* (string)

matchCriteriaId : 5EACF214-FA27-44FF-A431-927AB79377A1 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:* (string)

matchCriteriaId : E2B58895-0E2A-4466-9CB2-0083349A83B2 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:* (string)

matchCriteriaId : 03F8220A-9B1C-40AA-AEAB-F9A93225FBD5 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:* (string)

matchCriteriaId : 2311919C-7864-469D-B0F6-9B11D8D0A1C3 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:* (string)

matchCriteriaId : 19876495-4C1A-487C-955A-C5AA46362A1F (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:* (string)

matchCriteriaId : D75286DD-50BC-4B72-8AC8-E20730124DC2 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:* (string)

matchCriteriaId : 1998C972-497E-4916-B50E-FB32303EEA8E (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:* (string)

matchCriteriaId : A6CD3DD9-3A8A-4716-A2D1-136A790AFF94 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:* (string)

matchCriteriaId : 6CE2020A-4FB2-4FCD-8561-7BD147CD95EB (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:* (string)

matchCriteriaId : 08E90AFA-C262-46D0-B60E-26B67C9602D5 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:* (string)

matchCriteriaId : 597094EC-D23F-4EC4-A140-96F287679124 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:* (string)

matchCriteriaId : 07EC6C5A-33C9-456A-A8C9-0DF67C76041E (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 2BB0B27C-04EA-426F-9016-7406BACD91DF (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:* (string)

matchCriteriaId : BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 94F65351-C2DA-41C0-A3F9-1AE951E4386E (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* (string)

matchCriteriaId : 1B795F9F-AFB3-4A2A-ABC6-9246906800DE (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C7F55B87-1876-4855-9F62-9D6E2D295588 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*:*:*:*:* (string)

matchCriteriaId : 2A0D5740-DD4E-408C-B70F-FD1E7626E1DB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de cadena de formato en el módulo VFS afsacl.so en Samba versión 3.0.6 hasta 3.0.23d permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de especificadores de cadena de formato en un nombre de archivo sobre un sistema de archivos AFS, que no se maneja apropiadamente durante la asignación ACL de Windows. (string)

}

]

id : CVE-2007-0454 (string)

lastModified : 2025-04-09T00:30:58.490 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : true (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2007-02-06T02:28:00.000 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

url : http://osvdb.org/33101 (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24021 (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24046 (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24060 (string)

}

4 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24067 (string)

}

5 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24101 (string)

}

6 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24145 (string)

}

7 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24151 (string)

}

8 : { »

source : secalert@redhat.com (string)

url : http://securitytracker.com/id?1017588 (string)

}

9 : { »

source : secalert@redhat.com (string)

url : http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 (string)

}

10 : { »

source : secalert@redhat.com (string)

url : http://us1.samba.org/samba/security/CVE-2007-0454.html (string)

}

11 : { »

source : secalert@redhat.com (string)

url : http://www.debian.org/security/2007/dsa-1257 (string)

}

12 : { »

source : secalert@redhat.com (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml (string)

}

13 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/649732 (string)

}

14 : { »

source : secalert@redhat.com (string)

url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 (string)

}

15 : { »

source : secalert@redhat.com (string)

url : http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html (string)

}

16 : { »

source : secalert@redhat.com (string)

url : http://www.securityfocus.com/archive/1/459179/100/0/threaded (string)

}

17 : { »

source : secalert@redhat.com (string)

url : http://www.securityfocus.com/archive/1/459365/100/0/threaded (string)

}

18 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Patch (string)

]

url : http://www.securityfocus.com/bid/22403 (string)

}

19 : { »

source : secalert@redhat.com (string)

url : http://www.trustix.org/errata/2007/0007 (string)

}

20 : { »

source : secalert@redhat.com (string)

url : http://www.ubuntu.com/usn/usn-419-1 (string)

}

21 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2007/0483 (string)

}

22 : { »

source : secalert@redhat.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/32304 (string)

}

23 : { »

source : secalert@redhat.com (string)

url : https://issues.rpath.com/browse/RPL-1005 (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://osvdb.org/33101 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24021 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24046 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24060 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24067 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24101 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24145 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/24151 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://securitytracker.com/id?1017588 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://us1.samba.org/samba/security/CVE-2007-0454.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2007/dsa-1257 (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.kb.cert.org/vuls/id/649732 (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/459179/100/0/threaded (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/archive/1/459365/100/0/threaded (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : http://www.securityfocus.com/bid/22403 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.trustix.org/errata/2007/0007 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/usn-419-1 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vupen.com/english/advisories/2007/0483 (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/32304 (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://issues.rpath.com/browse/RPL-1005 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vendorComments : [ »

0 : { »

comment : Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5. (string)

lastModified : 2007-05-14T00:00:00 (string)

organization : Red Hat (string)

}

]

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-134 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object