CVE-2007-2444

 

Published at: - 14-05-2007 11:19

Last modified: - 29-08-2022 10:19

Total changes: - 2

Description

Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:L/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://www.samba.org/samba/security/CVE-2007-2444.html
• https://issues.rpath.com/browse/RPL-1366
• SSA:2007-134-01-Mailing List, Third Party Advisory
• 25241-Third Party Advisory
• 25246-Third Party Advisory
• 25256-Third Party Advisory
• GLSA-200705-15-Third Party Advisory
• 2007-0017-Broken Link
• USN-460-1-Third Party Advisory
• 23974-Third Party Advisory, VDB Entry
• 1018049-Third Party Advisory, VDB Entry
• 25232-Third Party Advisory
• 25251-Third Party Advisory
• 25270-Third Party Advisory
• 25259-Third Party Advisory
• 25255-Third Party Advisory
• MDKSA-2007:104-Broken Link
• OpenPKG-SA-2007.012-Third Party Advisory
• 102964-Broken Link
• SUSE-SA:2007:031-Mailing List, Third Party Advisory
• USN-460-2-Third Party Advisory
• 25289-Third Party Advisory
• 25675-Third Party Advisory
• 25772-Third Party Advisory
• 2701-Third Party Advisory
• 200588-Broken Link
• ADV-2007-2281-Permissions Required
• ADV-2007-1805-Permissions Required
• ADV-2007-2210-Permissions Required
• 34698-Broken Link
• HPSBTU02218-Broken Link
• DSA-1291-Third Party Advisory
• 20070515 FLEA-2007-0017-1: samba-Third Party Advisory, VDB Entry
• 20070513 [SAMBA-SECURITY] CVE-2007-2444: Local SID/Name Translation Failure Can Result in User Privilege Elevation-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2007-2444

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures