CVE-2007-2446

Name of the Vulnerable Software and Affected Versions: Samba versions 3.0.0 through 3.0.25rc3

Description: The issue involves multiple heap-based buffer overflows in the NDR parsing in smbd, allowing remote attackers to execute arbitrary code via crafted MS-RPC requests. This can be achieved by exploiting various functions, including DFSEnum (netdfs io dfs EnumInfo d), RFNPCNEX (smb io notify option type data), LsarAddPrivilegesToAccount (lsa io privilege set), NetSetFileSecurity (sec io acl), or LsarLookupSids/LsarLookupSids2 (lsa io trans names). The exploitation of these vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information and can be carried out remotely.

Recommendations: For Samba versions 3.0.0 through 3.0.25rc3, update to a version newer than 3.0.25rc3 to resolve the issue. As a temporary workaround, consider restricting access to the smbd service until a patch is available. Avoid using the vulnerable functions, such as DFSEnum, RFNPCNEX, LsarAddPrivilegesToAccount, NetSetFileSecurity, or LsarLookupSids/LsarLookupSids2, in the affected API endpoints until the issue is resolved.