Overview
The Samba AFS ACL mapping VFS plug-in contains a format string vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
The Samba AFS ACL mapping VFS plug-in fails to properly sanitize user-controlled file names that are used in a format specifier supplied to snprintf(). According to Samba Security Advisory "CVE-2007-0454: Format string bug in afsacl.so VFS plug-in":

"This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module."
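The bug class described above, reduced to a standalone C illustration. This is an added example, not code from Samba's afsacl.so or its patch; the function names and the sample file name are hypothetical. The "before" function passes the name to snprintf() as the format, and the "after" function passes it as data for a constant "%s" and also reports truncation.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; this is not Samba's afsacl code. */

/* BEFORE: the client-chosen name is the format string itself, so any
 * '%' directive in it is interpreted by snprintf(). Compilers report
 * this pattern with -Wformat-security; the pragmas silence that only so
 * the "before" form builds in this demo. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static int label_unsafe(char *out, size_t outlen, const char *name)
{
    return snprintf(out, outlen, name);
}
#pragma GCC diagnostic pop

/* AFTER: constant format; the name is passed only as data for %s.
 * Returns -1 on error or truncation instead of a silently cut name. */
static int label_safe(char *out, size_t outlen, const char *name)
{
    int n = snprintf(out, outlen, "%s", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Returns 1 when the output buffer holds exactly the name supplied. */
static int preserved(const char *out, const char *name)
{
    return strcmp(out, name) == 0;
}

/* Constructed sample: "%%" is a benign directive that prints one '%'. */
static const char SAMPLE_NAME[] = "quota-100%%.txt";

int main(void)
{
    char a[64], b[64];
    label_unsafe(a, sizeof a, SAMPLE_NAME);
    label_safe(b, sizeof b, SAMPLE_NAME);
    printf("unsafe: %s (preserved=%d)\n", a, preserved(a, SAMPLE_NAME));
    printf("safe:   %s (preserved=%d)\n", b, preserved(b, SAMPLE_NAME));
    return 0;
}
```

The altered name in the "before" output is a well-defined way to observe that the name was parsed as a format string, which makes the same comparison usable as a regression test after patching.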
Impact
If an attacker is able to write a file to a share that uses the afsacl.so library, that attacker may be able to execute arbitrary code.
Solution
Apply a patch
References
- http://samba.org/samba/security/CVE-2007-0454.html
- http://us4.samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-0454.patch
- http://news.samba.org/releases/3.0.24/
- http://secunia.com/advisories/24021/
- http://secunia.com/advisories/24060/
- http://secunia.com/advisories/24046/
- http://securitytracker.com/alerts/2007/Feb/1017588.html
- http://secunia.com/advisories/24145/
- http://www.securityfocus.com/bid/22403
Acknowledgements
This vulnerability was reported by Gerald Carter.
This document was written by Jeff Gennari based on information from Samba.
Other Information
CVE IDs: CVE-2007-0454
Severity Metric: 1.82
Date Public: 2007-02-05
Date First Published: 2007-02-07
Date Last Updated: 2007-03-29 19:29 UTC
Document Revision: 21