Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | 3.0.21 (including) | 3.0.21 (including) |
| Samba | Samba | 3.0.21a (including) | 3.0.21a (including) |
| Samba | Samba | 3.0.21b (including) | 3.0.21b (including) |
| Samba | Samba | 3.0.21c (including) | 3.0.21c (including) |
| Samba | Samba | 3.0.22 (including) | 3.0.22 (including) |
| Samba | Samba | 3.0.23 (including) | 3.0.23 (including) |
| Samba | Samba | 3.0.23a (including) | 3.0.23a (including) |
| Samba | Samba | 3.0.23b (including) | 3.0.23b (including) |
| Samba | Samba | 3.0.23c (including) | 3.0.23c (including) |
| Samba | Samba | 3.0.23d (including) | 3.0.23d (including) |
| Samba | Ubuntu | devel | * |
| Samba | Ubuntu | feisty | * |
References
- http://osvdb.org/33098
- http://secunia.com/advisories/24043
- http://secunia.com/advisories/24101
- http://secunia.com/advisories/24151
- http://securitytracker.com/id?1017589
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916
- http://us1.samba.org/samba/security/CVE-2007-0453.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
- http://www.securityfocus.com/archive/1/459168/100/0/threaded
- http://www.securityfocus.com/archive/1/459365/100/0/threaded
- http://www.securityfocus.com/bid/22410
- http://www.trustix.org/errata/2007/0007
- http://www.vupen.com/english/advisories/2007/0483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32231
- https://issues.rpath.com/browse/RPL-1005
- http://osvdb.org/33098
- http://secunia.com/advisories/24043
- http://secunia.com/advisories/24101
- http://secunia.com/advisories/24151
- http://securitytracker.com/id?1017589
- http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.476916
- http://us1.samba.org/samba/security/CVE-2007-0453.html
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
- http://www.securityfocus.com/archive/1/459168/100/0/threaded
- http://www.securityfocus.com/archive/1/459365/100/0/threaded
- http://www.securityfocus.com/bid/22410
- http://www.trustix.org/errata/2007/0007
- http://www.vupen.com/english/advisories/2007/0483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32231
- https://issues.rpath.com/browse/RPL-1005