CVE-2007-0454

Related Files

Mandriva Linux Security Advisory 2007.034

Posted Feb 6, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin.

tags | advisory

systems | linux, mandriva

advisories | CVE-2007-0452, CVE-2007-0454

SHA-256 | 79f22ffaa9ce0e3537037b26164de8346063ae90e18bc9ca00754aa260337d75

Download | Favorite | View

Debian Linux Security Advisory 1257-1

Posted Feb 6, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1257-1 - Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, remote, denial of service, arbitrary, vulnerability, protocol

systems | linux, debian

advisories | CVE-2007-0452, CVE-2007-0454

SHA-256 | 3b833c5f2326b67c9b1aac0c35214a834900e47eb5d521e30655f20b36fdc993

Download | Favorite | View

CVE-2007-0454.tgz

Posted Feb 6, 2007

Site samba.org

The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin. This affects Samba versions 3.0.6 through 3.0.23d. Patch included.

tags | advisory

advisories | CVE-2007-0454

SHA-256 | 1b9a5933a61b5ba5816be5b3ed95fee8d77b027e7ccbbe015eab2b33ace3c7f3

Download | Favorite | View