CVE-2007-0454

NONE EPSS 92.8%
Published Feb 6, 2007 19y ago
Last Modified Jun 16, 2026 2w ago

Description

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

Threat Intelligence

EPSS Exploit Probability
92.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-134

Affected Products 52

Vendor        Product                          Version  Range
samba         samba                            3.0.6    any
samba         samba                            3.0.7    any
samba         samba                            3.0.8    any
samba         samba                            3.0.9    any
samba         samba                            3.0.10   any
samba         samba                            3.0.11   any
samba         samba                            3.0.12   any
samba         samba                            3.0.13   any
samba         samba                            3.0.14   any
samba         samba                            3.0.14a  any
samba         samba                            3.0.20   any
samba         samba                            3.0.20a  any
samba         samba                            3.0.20b  any
samba         samba                            3.0.21   any
samba         samba                            3.0.21a  any
samba         samba                            3.0.21b  any
samba         samba                            3.0.21c  any
samba         samba                            3.0.22   any
samba         samba                            3.0.23d  any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.0      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
debian        debian_linux                     3.1      any
mandrakesoft  mandrake_linux                   2006     any
mandrakesoft  mandrake_linux                   2006     any
mandrakesoft  mandrake_linux_corporate_server  3.0      any
mandrakesoft  mandrake_linux_corporate_server  3.0      any
mandrakesoft  mandrake_linux_corporate_server  4.0      any
mandrakesoft  mandrake_linux_corporate_server  4.0      any
mandrakesoft  mandrake_linuxsoft_2007          *        any
mandrakesoft  mandrake_linuxsoft_2007          *        any

References 24

  • osvdb.org http://osvdb.org/33101
  • secunia.com http://secunia.com/advisories/24021
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/24046
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/24060
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/24067
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/24101
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/24145
    Vendor Advisory
  • secunia.com http://secunia.com/advisories/24151
    Vendor Advisory
  • securitytracker.com http://securitytracker.com/id?1017588
  • slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
  • us1.samba.org http://us1.samba.org/samba/security/CVE-2007-0454.html
  • debian.org http://www.debian.org/security/2007/dsa-1257
  • gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
  • kb.cert.org http://www.kb.cert.org/vuls/id/649732
    US Government Resource
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
  • openpkg.com http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
  • securityfocus.com http://www.securityfocus.com/archive/1/459179/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/archive/1/459365/100/0/threaded
  • securityfocus.com http://www.securityfocus.com/bid/22403
    Patch
  • trustix.org http://www.trustix.org/errata/2007/0007
  • ubuntu.com http://www.ubuntu.com/usn/usn-419-1
  • vupen.com http://www.vupen.com/english/advisories/2007/0483
    Vendor Advisory
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
  • issues.rpath.com https://issues.rpath.com/browse/RPL-1005

Remediation