CVE-2007-0454
NONE EPSS 92.8%
Published Feb 6, 200719y ago · Modified Jun 16, 20262w ago
Published Feb 6, 2007 19y ago
Last Modified Jun 16, 2026 2w ago
Description
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.
Threat Intelligence
EPSS Exploit Probability
92.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-134
Affected Products 52
| Vendor | Product | Version | Range |
|---|---|---|---|
| samba | samba | 3.0.6 | any |
| samba | samba | 3.0.7 | any |
| samba | samba | 3.0.8 | any |
| samba | samba | 3.0.9 | any |
| samba | samba | 3.0.10 | any |
| samba | samba | 3.0.11 | any |
| samba | samba | 3.0.12 | any |
| samba | samba | 3.0.13 | any |
| samba | samba | 3.0.14 | any |
| samba | samba | 3.0.14a | any |
| samba | samba | 3.0.20 | any |
| samba | samba | 3.0.20a | any |
| samba | samba | 3.0.20b | any |
| samba | samba | 3.0.21 | any |
| samba | samba | 3.0.21a | any |
| samba | samba | 3.0.21b | any |
| samba | samba | 3.0.21c | any |
| samba | samba | 3.0.22 | any |
| samba | samba | 3.0.23d | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| debian | debian_linux | 3.1 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux | 2006 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 4.0 | any |
| mandrakesoft | mandrake_linux_corporate_server | 4.0 | any |
| mandrakesoft | mandrake_linuxsoft_2007 | * | any |
| mandrakesoft | mandrake_linuxsoft_2007 | * | any |
References 24
- osvdb.org http://osvdb.org/33101
- secunia.com http://secunia.com/advisories/24021
- secunia.com http://secunia.com/advisories/24046
- secunia.com http://secunia.com/advisories/24060
- secunia.com http://secunia.com/advisories/24067
- secunia.com http://secunia.com/advisories/24101
- secunia.com http://secunia.com/advisories/24145
- secunia.com http://secunia.com/advisories/24151
- securitytracker.com http://securitytracker.com/id?1017588
- slackware.com http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
- us1.samba.org http://us1.samba.org/samba/security/CVE-2007-0454.html
- debian.org http://www.debian.org/security/2007/dsa-1257
- gentoo.org http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
- kb.cert.org http://www.kb.cert.org/vuls/id/649732
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
- openpkg.com http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
- securityfocus.com http://www.securityfocus.com/archive/1/459179/100/0/threaded
- securityfocus.com http://www.securityfocus.com/archive/1/459365/100/0/threaded
- securityfocus.com http://www.securityfocus.com/bid/22403
- trustix.org http://www.trustix.org/errata/2007/0007
- ubuntu.com http://www.ubuntu.com/usn/usn-419-1
- vupen.com http://www.vupen.com/english/advisories/2007/0483
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/32304
- issues.rpath.com https://issues.rpath.com/browse/RPL-1005
Remediation
- securityfocus.com http://www.securityfocus.com/bid/22403