exploits , vulnerabilities , articles , Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability

Title	Samba Send_MailSlot Stack-Based Buffer Overflow Vulnerability
Published	2007-12-10-12:00AM
Updated	2008-03-11-08:51PM
Class	Boundary Condition Error
CVE	CVE-2007-6015
Remote	Yes
Local	No
Credit	Alin Rad Pop of Secunia Research is credited with the discovery of this issue.
Vulnerable	VMWare ESX Server 3.0.2 VMWare ESX Server 3.0.1 VMWare ESX Server 2.5.5 patch 4 VMWare ESX Server 2.5.4 patch 15 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Slackware Linux 10.2 Slackware Linux 10.1 Slackware Linux 10.0 Slackware Linux 12.0 Slackware Linux 11.0 Samba Samba 3.0.27 Samba Samba 3.0.26 Samba Samba 3.0.25 rc3 Samba Samba 3.0.25 rc2 Samba Samba 3.0.25 rc1 Samba Samba 3.0.25 pre2 Samba Samba 3.0.25 pre1 Samba Samba 3.0.25 c Samba Samba 3.0.25 b Samba Samba 3.0.25 a Samba Samba 3.0.25 Samba Samba 3.0.24 Samba Samba 3.0.22 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Samba Samba 3.0.21 Samba Samba 3.0.20 Slackware Linux 10.2 Samba Samba 3.0.14 Samba Samba 3.0.13 Samba Samba 3.0.12 Samba Samba 3.0.11 Samba Samba 3.0.10 Slackware Linux 10.1 Trustix Secure Enterprise Linux 2.0 Trustix Secure Enterprise Linux 2.0 Trustix Secure Enterprise Linux 2.0 Trustix Secure Linux 2.2 Trustix Secure Linux 2.2 Trustix Secure Linux 2.2 Trustix Secure Linux 2.1 Trustix Secure Linux 2.1 Trustix Secure Linux 2.1 Samba Samba 3.0.2 a Samba Samba 3.0.2 Samba Samba 3.0.1 Samba Samba 3.0 alpha Samba Samba 3.0 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.3 Samba Samba 2.2.12 Trustix Secure Linux 2.0 Trustix Secure Linux 1.5 Samba Samba 2.2.11 Samba Samba 2.2.9 Samba Samba 2.2.8 a Samba Samba 2.2.8 Conectiva Linux 8.0 Conectiva Linux 8.0 Conectiva Linux 7.0 Conectiva Linux 7.0 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.8 FreeBSD FreeBSD 4.8 FreeBSD FreeBSD 4.7 FreeBSD FreeBSD 4.7 FreeBSD FreeBSD 4.6 FreeBSD FreeBSD 4.6 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 amd64 MandrakeSoft Linux Mandrake 9.2 MandrakeSoft Linux Mandrake 9.2 Trustix Secure Linux 1.5 Trustix Secure Linux 1.5 Trustix Secure Linux 1.2 Trustix Secure Linux 1.2 Samba Samba 2.2.7 a Samba Samba 2.2.7 RedHat Linux 8.0 i386 RedHat Linux 8.0 RedHat Linux 7.3 i386 RedHat Linux 7.3 RedHat Linux 7.2 ia64 RedHat Linux 7.2 i686 RedHat Linux 7.2 i386 RedHat Linux 7.2 Sun Linux 5.0.6 Sun Linux 5.0.6 Sun Solaris 9_x86 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 9 Samba Samba 2.2.6 Samba Samba 2.2.5 Samba Samba 2.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.2 Gentoo Linux 1.4 _rc3 Gentoo Linux 1.4 _rc3 HP CIFS/9000 Server A.01.09.02 HP CIFS/9000 Server A.01.09.02 HP CIFS/9000 Server A.01.09.01 HP CIFS/9000 Server A.01.09.01 HP CIFS/9000 Server A.01.09 HP CIFS/9000 Server A.01.09 HP CIFS/9000 Server A.01.08.01 HP CIFS/9000 Server A.01.08.01 HP CIFS/9000 Server A.01.08 HP CIFS/9000 Server A.01.08 HP CIFS/9000 Server A.01.07 HP CIFS/9000 Server A.01.07 HP CIFS/9000 Server A.01.06 HP CIFS/9000 Server A.01.06 HP CIFS/9000 Server A.01.05 HP CIFS/9000 Server A.01.05 OpenPKG OpenPKG 1.1 OpenPKG OpenPKG 1.1 RedHat Linux 8.0 i686 RedHat Linux 8.0 i686 RedHat Linux 8.0 i386 RedHat Linux 8.0 i386 RedHat Linux 8.0 RedHat Linux 8.0 S.u.S.E. Linux 8.1 S.u.S.E. Linux 8.1 Samba Samba 2.2.4 Samba Samba 2.2.3 a Conectiva Linux 8.0 Conectiva Linux 8.0 Debian Linux 3.0 sparc Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 alpha Debian Linux 3.0 Debian Linux 3.0 MandrakeSoft Linux Mandrake 8.2 ppc MandrakeSoft Linux Mandrake 8.2 ppc MandrakeSoft Linux Mandrake 8.2 MandrakeSoft Linux Mandrake 8.2 RedHat Linux 7.3 i686 RedHat Linux 7.3 i686 RedHat Linux 7.3 i386 RedHat Linux 7.3 i386 RedHat Linux 7.3 RedHat Linux 7.3 S.u.S.E. Linux 8.0 i386 S.u.S.E. Linux 8.0 i386 S.u.S.E. Linux 8.0 S.u.S.E. Linux 8.0 Samba Samba 2.2.3 a Conectiva Linux 8.0 Conectiva Linux 8.0 Debian Linux 3.0 sparc Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 m68k Debian Linux 3.0 ia64 Debian Linux 3.0 ia64 Debian Linux 3.0 ia32 Debian Linux 3.0 ia32 Debian Linux 3.0 hppa Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 alpha Debian Linux 3.0 Debian Linux 3.0 S.u.S.E. Linux 8.0 S.u.S.E. Linux 8.0 Samba Samba 2.2.3 Samba Samba 2.2.2 Samba Samba 2.2.1 a Samba Samba 2.2.1 a Samba Samba 2.2 a Samba Samba 2.2 .0a Samba Samba 2.2 .0 S.u.S.E. Linux 7.2 S.u.S.E. Linux 7.2 Samba Samba 2.0.10 Samba Samba 2.0.9 Samba Samba 2.0.8 Samba Samba 2.0.7 Caldera OpenLinux 2.3 Caldera OpenLinux 2.3 Conectiva Linux 6.0 Conectiva Linux 6.0 Conectiva Linux 5.1 Conectiva Linux 5.1 Conectiva Linux 5.0 Conectiva Linux 5.0 Conectiva Linux 4.2 Conectiva Linux 4.2 Conectiva Linux 4.1 Conectiva Linux 4.1 Conectiva Linux 4.0 es Conectiva Linux 4.0 es Conectiva Linux 4.0 Conectiva Linux 4.0 Conectiva Linux graficas Conectiva Linux graficas Conectiva Linux ecommerce Conectiva Linux ecommerce Debian Linux 2.3 sparc Debian Linux 2.3 sparc Debian Linux 2.3 powerpc Debian Linux 2.3 powerpc Debian Linux 2.3 alpha Debian Linux 2.3 alpha Debian Linux 2.3 Debian Linux 2.3 Debian Linux 2.2 sparc Debian Linux 2.2 sparc Debian Linux 2.2 powerpc Debian Linux 2.2 powerpc Debian Linux 2.2 arm Debian Linux 2.2 arm Debian Linux 2.2 alpha Debian Linux 2.2 alpha Debian Linux 2.2 68k Debian Linux 2.2 68k Debian Linux 2.2 Debian Linux 2.2 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.2 FreeBSD FreeBSD 4.2 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.1 MandrakeSoft Linux Mandrake 7.0 MandrakeSoft Linux Mandrake 7.0 Progeny Debian 1.0 Progeny Debian 1.0 RedHat Linux 7.1 i686 RedHat Linux 7.1 i686 RedHat Linux 7.1 i586 RedHat Linux 7.1 i586 RedHat Linux 7.1 i386 RedHat Linux 7.1 i386 RedHat Linux 7.1 RedHat Linux 7.1 RedHat Linux 7.0 i686 RedHat Linux 7.0 i686 RedHat Linux 7.0 i386 RedHat Linux 7.0 i386 RedHat Linux 7.0 RedHat Linux 7.0 RedHat Linux 6.2 E sparc RedHat Linux 6.2 E i386 RedHat Linux 6.2 E alpha RedHat Linux 6.2 sparc RedHat Linux 6.2 i386 RedHat Linux 6.2 alpha RedHat Linux 6.1 sparc RedHat Linux 6.1 i386 RedHat Linux 6.1 alpha SCO eDesktop 2.4 SCO eDesktop 2.4 SCO eServer 2.3.1 SCO eServer 2.3.1 Sun Cobalt Qube3 4000WG Sun Cobalt Qube3 4000WG Sun Cobalt RaQ 550 4100R Sun Cobalt RaQ 550 4100R Sun Cobalt RaQ XTR 3500R Sun Cobalt RaQ XTR 3500R Trustix Secure Linux 1.2 Trustix Secure Linux 1.2 Trustix Secure Linux 1.1 Trustix Secure Linux 1.1 Wirex Immunix OS 7.0 Beta Wirex Immunix OS 7.0 Beta Wirex Immunix OS 7.0 Wirex Immunix OS 7.0 Wirex Immunix OS 6.2 Wirex Immunix OS 6.2 Samba Samba 2.0.6 RedHat Linux 6.2 sparcv9 RedHat Linux 6.2 sparcv9 RedHat Linux 6.2 E sparc RedHat Linux 6.2 E sparc RedHat Linux 6.2 E i386 RedHat Linux 6.2 E i386 RedHat Linux 6.2 E alpha RedHat Linux 6.2 E alpha RedHat Linux 6.2 sparc RedHat Linux 6.2 sparc RedHat Linux 6.2 i386 RedHat Linux 6.2 i386 RedHat Linux 6.2 alpha RedHat Linux 6.2 alpha RedHat Linux 6.2 RedHat Linux 6.2 Sun Cobalt RaQ4 3001R Sun Cobalt RaQ4 3001R Samba Samba 2.0.5 Caldera OpenLinux 2.3 Caldera OpenLinux 2.3 SCO eServer 2.3.1 SCO eServer 2.3.1 Samba Samba 2.0.4 Samba Samba 2.0.3 Samba Samba 2.0.2 Samba Samba 2.0.1 Samba Samba 2.0 .0 Samba Samba 3.0.27a Samba Samba 3.0.26a Samba Samba 3.0.23d MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 Samba Samba 3.0.23c Slackware Linux 11.0 Samba Samba 3.0.23b Samba Samba 3.0.23a Samba Samba 3.0.21c Samba Samba 3.0.21b Samba Samba 3.0.21a Samba Samba 3.0.20b Samba Samba 3.0.20a Samba Samba 3.0.14a S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Desktop 1.0 rPath rPath Linux 1 RedHat Fedora 8 0 RedHat Fedora 7 0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4.5.z RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4.5.z RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 3 RedHat Enterprise Linux AS 2.1 IA64 RedHat Enterprise Linux AS 2.1 RedHat Enterprise Linux 5 server RedHat Desktop 4.0 RedHat Desktop 3.0 RedHat Advanced Workstation for the Itanium Processor 2.1 MandrakeSoft Linux Mandrake 2008.0 x86_64 MandrakeSoft Linux Mandrake 2008.0 MandrakeSoft Linux Mandrake 2007.1 x86_64 MandrakeSoft Linux Mandrake 2007.1 MandrakeSoft Linux Mandrake 2007.0 x86_64 MandrakeSoft Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 HP HPUX B.11.31 HP HPUX B.11.23 HP HPUX B.11.11 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia64 Debian Linux 3.1 ia32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia64 Debian Linux 4.0 ia32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Avaya Messaging Storage Server MSS 3.0 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 3.1 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking MN 3.1 Avaya Message Networking 3.1 Avaya Message Networking Avaya Intuity AUDIX LX 2.0 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.5
Not Vulnerable	Samba Samba 3.0.28 Apple Mac OS X Server 10.5.2 Apple Mac OS X 10.5.2
Code	The following proof-of-concept code is available: /data/vulnerabilities/exploits/26791-smb_mailslot.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-18 ReVou Comment Field HTML Injection Vulnerability
• 2009-12-18 Adobe Flash Media Server Resource Exhaustion Remote Denial of Service Vulnerability
• 2009-12-18 Centreon Authentication Mechanism Security Bypass Vulnerability
• 2009-12-18 Family Connections Multiple Input Validation Vulnerabilities
• 2009-12-18 Drupal Contact and Menu Modules Multiple HTML Injection Vulnerabilities
• 2009-12-18 Mozilla Firefox and SeaMonkey NTLM Credential Reflection Authentication Bypass Vulnerability
• 2009-12-18 Mozilla Firefox CVE-2009-3982 JavaScript Engine Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Zen Cart Insecure File and Programs Information Disclosure and Database Deletion Vulnerability
• 2009-12-17 Winamp Module Decoder Plugin Multiple Buffer Overflow Vulnerabilities
• 2009-12-17 Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sat, 19 Dec 2009 02:09:32 +0000