Unrated severityNVD Advisory· Published Feb 6, 2007· Updated Apr 23, 2026

CVE-2007-0454

Description

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

Affected products

Samba (software)/Samba19 versions
cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
Debian/Debian Linux25 versions
cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*
Mandrakesoft/Mandrake Linux2 versions
cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:2006:*:x86_64:*:*:*:*:*
Mandrakesoft/Mandrake Linux Corporate Server4 versions
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
Mandrakesoft/Mandrake Linuxsoft 20072 versions
cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linuxsoft_2007:*:*:x86_64:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/22403nvdPatch
secunia.com/advisories/24021nvdVendor Advisory
secunia.com/advisories/24046nvdVendor Advisory
secunia.com/advisories/24060nvdVendor Advisory
secunia.com/advisories/24067nvdVendor Advisory
secunia.com/advisories/24101nvdVendor Advisory
secunia.com/advisories/24145nvdVendor Advisory
secunia.com/advisories/24151nvdVendor Advisory
www.vupen.com/english/advisories/2007/0483nvdVendor Advisory
www.kb.cert.org/vuls/id/649732nvdUS Government Resource
osvdb.org/33101nvd
securitytracker.com/idnvd
slackware.com/security/viewer.phpnvd
us1.samba.org/samba/security/CVE-2007-0454.htmlnvd
www.debian.org/security/2007/dsa-1257nvd
www.gentoo.org/security/en/glsa/glsa-200702-01.xmlnvd
www.mandriva.com/security/advisoriesnvd
www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.htmlnvd
www.securityfocus.com/archive/1/459179/100/0/threadednvd
www.securityfocus.com/archive/1/459365/100/0/threadednvd
www.trustix.org/errata/2007/0007nvd
www.ubuntu.com/usn/usn-419-1nvd
exchange.xforce.ibmcloud.com/vulnerabilities/32304nvd
issues.rpath.com/browse/RPL-1005nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000