Unrated severity · NVD Advisory · Published May 14, 2007 · Updated Apr 23, 2026
CVE-2007-2446
Description
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
Affected products
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
References
- www.samba.org/samba/security/CVE-2007-2446.html (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/25232 (nvd: Vendor Advisory)
- secunia.com/advisories/25241 (nvd: Vendor Advisory)
- secunia.com/advisories/25246 (nvd: Vendor Advisory)
- secunia.com/advisories/25251 (nvd: Vendor Advisory)
- secunia.com/advisories/25255 (nvd: Vendor Advisory)
- secunia.com/advisories/25256 (nvd: Vendor Advisory)
- secunia.com/advisories/25257 (nvd: Vendor Advisory)
- secunia.com/advisories/25259 (nvd: Vendor Advisory)
- secunia.com/advisories/25270 (nvd: Vendor Advisory)
- www.redhat.com/support/errata/RHSA-2007-0354.html (nvd: Vendor Advisory)
- www.kb.cert.org/vuls/id/773720 (nvd: US Government Resource)
- docs.info.apple.com/article.html (nvd)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- lists.apple.com/archives/security-announce//2007/Jul/msg00004.html (nvd)
- lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html (nvd)
- lists.suse.com/archive/suse-security-announce/2007-May/0006.html (nvd)
- osvdb.org/34699 (nvd)
- osvdb.org/34731 (nvd)
- osvdb.org/34733 (nvd)
- secunia.com/advisories/25289 (nvd)
- secunia.com/advisories/25391/ (nvd)
- secunia.com/advisories/25567 (nvd)
- secunia.com/advisories/25675 (nvd)
- secunia.com/advisories/25772 (nvd)
- secunia.com/advisories/26235 (nvd)
- secunia.com/advisories/26909 (nvd)
- secunia.com/advisories/27706 (nvd)
- secunia.com/advisories/28292 (nvd)
- security.gentoo.org/glsa/glsa-200705-15.xml (nvd)
- securityreason.com/securityalert/2702 (nvd)
- slackware.com/security/viewer.php (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- www.debian.org/security/2007/dsa-1291 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html (nvd)
- www.osvdb.org/34732 (nvd)
- www.securityfocus.com/archive/1/468542/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/468670/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/468672/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/468673/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/468674/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/468675/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/468680/100/0/threaded (nvd)
- www.securityfocus.com/bid/23973 (nvd)
- www.securityfocus.com/bid/24195 (nvd)
- www.securityfocus.com/bid/24196 (nvd)
- www.securityfocus.com/bid/24197 (nvd)
- www.securityfocus.com/bid/24198 (nvd)
- www.securityfocus.com/bid/25159 (nvd)
- www.securitytracker.com/id (nvd)
- www.trustix.org/errata/2007/0017/ (nvd)
- www.ubuntu.com/usn/usn-460-1 (nvd)
- www.vupen.com/english/advisories/2007/1805 (nvd)
- www.vupen.com/english/advisories/2007/2079 (nvd)
- www.vupen.com/english/advisories/2007/2210 (nvd)
- www.vupen.com/english/advisories/2007/2281 (nvd)
- www.vupen.com/english/advisories/2007/2732 (nvd)
- www.vupen.com/english/advisories/2007/3229 (nvd)
- www.vupen.com/english/advisories/2008/0050 (nvd)
- www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf (nvd)
- www.zerodayinitiative.com/advisories/ZDI-07-029.html (nvd)
- www.zerodayinitiative.com/advisories/ZDI-07-030.html (nvd)
- www.zerodayinitiative.com/advisories/ZDI-07-031.html (nvd)
- www.zerodayinitiative.com/advisories/ZDI-07-032.html (nvd)
- www.zerodayinitiative.com/advisories/ZDI-07-033.html (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/34309 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/34311 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/34312 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/34314 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/34316 (nvd)
- issues.rpath.com/browse/RPL-1366 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11415 (nvd)