CVE-2007-0453 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

5 documents5 sources

Severity

4.6MEDIUMNVD

EPSS

0.5%

top 32.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedFeb 6

Latest updateMay 1

Description

Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDsamba/samba10 versions+9

▶debiandebian/samba

🔴Vulnerability Details

GHSA

GHSA-xmx9-cjc5-x3v9: Buffer overflow in the nss_winbind↗2022-05-01

▶

📋Vendor Advisories

Debian

CVE-2007-0453: samba - Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d,...↗2007

▶

Red Hat

CVE-2007-0453: Buffer overflow in the nss_winbind↗

▶

📄Research Papers

arXiv

Combining Static and Dynamic Analysis for Vulnerability Detection↗2013-05-16

▶