CVE-2007-0454

CWE-134 — Uncontrolled Format String7 documents7 sources

Severity

7.5HIGH

EPSS

4.4%

top 10.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +1 more

Timeline

PublishedFeb 6

Latest updateMay 1

Description

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶Debiansamba< 3.0.23d-5+3

▶NVDsamba/samba19 versions+18

▶NVDmandrakesoft/mandrake_linux2006

▶NVDmandrakesoft/mandrake_linux_corporate_server3.0, 4.0+1

Also affects: Debian Linux 3.0, 3.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mq9f-755p-rg7c: Format string vulnerability in the afsacl↗2022-05-01

▶

CVEList

CVE-2007-0454: Format string vulnerability in the afsacl↗2007-02-06

▶

OSV

CVE-2007-0454: Format string vulnerability in the afsacl↗2007-02-06

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2007-02-06

▶

Debian

CVE-2007-0454: samba - Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3...↗2007

▶

Red Hat

CVE-2007-0454: Format string vulnerability in the afsacl↗

▶