Vulnerability in Mandrakesoft Mandrake_linux

CVE-2007-0454

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly han…

EPSS: 0.064 (92.8th percentile) — read the EPSS interpretation.

Affected products

Mandrakesoft Mandrake_linux — versions 2006
Mandrakesoft Mandrake_linux_corporate_server — versions 3.0, 4.0
Mandrakesoft Mandrake_linuxsoft_2007
Samba — versions 3.0.6, 3.0.7, 3.0.8
Debian Debian_linux — versions 3.0, 3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

secalert@redhat.com (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (mailing-list, x_refsource_BUGTRAQ)
secalert@redhat.com (vendor-advisory, x_refsource_GENTOO)
secalert@redhat.com (vendor-advisory, x_refsource_OPENPKG)
secalert@redhat.com (vdb-entry, x_refsource_SECTRACK)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)