CVE-2007-0454 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0454
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0454

Description: Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/32304 UBUNTU http://www.ubuntu.com/usn/usn-419-1 TRUSTIX http://www.trustix.org/errata/2007/0007 ST 1017588 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916 SAID Secunia Advisory: SA24046 Secunia Advisory: SA24101 Secunia Advisory: SA24067 Secunia Advisory: SA24060 Secunia Advisory: SA24021 Secunia Advisory: SA24151 Secunia Advisory: SA24145 OSVDB 33101 OPENPKG http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:034 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml DEBIAN http://www.debian.org/security/2007/dsa-1257 CONFIRM http://us1.samba.org/samba/security/CVE-2007-0454.html CERT-VN 649732 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/459365/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/459179/100/0/threaded BID 22403

Return to the previous page.