Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6015Improper Restriction of Operations within the Bounds of a Memory Buffer in Samba

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents8 sources
Severity
9.3CRITICALNVD
EPSS
48.9%
top 2.23%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
SambaDebian Samba
Timeline
PublishedDec 13
Latest updateMay 1

Description

Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

debiandebian/samba< samba 3.0.28-1 (bookworm)
Debiansamba/samba< 3.0.28-1+3
NVDsamba/samba56 versions+55

Patches

Patch: www.redhat.comPatch: www.samba.orgPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-hhrv-j6cc-jr4p: Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 32022-05-01
OSV
CVE-2007-6015: Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 32007-12-13

💥Exploits & PoCs

1
Exploit-DB
Samba 3.0.27a - 'send_mailslot()' Remote Buffer Overflow2007-12-14

📋Vendor Advisories

3
Ubuntu
Samba vulnerability2007-12-18
Red Hat
samba: send_mailslot() buffer overflow2007-12-10
Debian
CVE-2007-6015: samba - Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0...2007

💬Community

3
Bugzilla
CVE-2007-6015 samba: send_mailslot() buffer overflow2007-12-10
Bugzilla
CVE-2007-6015 samba: send_mailslot() buffer overflow2007-12-10
Bugzilla
CVE-2007-6015 samba: send_mailslot() buffer overflow2007-11-23