Think you have a false positive on this rule?

Sid 1-11442

Message

NETBIOS DCERPC NCACN-IP-TCP lsarpc LsarAddPrivilegesToAccount overflow attempt

Summary

Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfsiodfsEnumInfod), (2) RFNPCNEX (smbionotifyoptiontypedata), (3) LsarAddPrivilegesToAccount (lsaioprivilegeset), (4) NetSetFileSecurity (secioacl), or (5) LsarLookupSids/LsarLookupSids2 (lsaiotrans_names).

Impact

CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2007-2446:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2007-2446: Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfsiodfsEnumInfod), (2) RFNPCNEX (smbionotifyoptiontypedata), (3) LsarAddPrivilegesToAccount (lsaioprivilegeset), (4) NetSetFileSecurity (secioacl), or (5) LsarLookupSids/LsarLookupSids2 (lsaiotrans_names).

Affected systems

  • samba samba 3.0.0
  • samba samba 3.0.1
  • samba samba 3.0.2
  • samba samba 3.0.2a
  • samba samba 3.0.10
  • samba samba 3.0.11
  • samba samba 3.0.12
  • samba samba 3.0.13
  • samba samba 3.0.14
  • samba samba 3.0.14a
  • samba samba 3.0.15
  • samba samba 3.0.16
  • samba samba 3.0.17
  • samba samba 3.0.18
  • samba samba 3.0.19
  • samba samba 3.0.20
  • samba samba 3.0.20a
  • samba samba 3.0.20b
  • samba samba 3.0.21
  • samba samba 3.0.21a
  • samba samba 3.0.21b
  • samba samba 3.0.21c
  • samba samba 3.0.22
  • samba samba 3.0.23
  • samba samba 3.0.23a
  • samba samba 3.0.23b
  • samba samba 3.0.23c
  • samba samba 3.0.23d
  • samba samba 3.0.24
  • samba samba 3.0.25

Ease of attack

CVE-2007-2446:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References