CVE-2007-6015

Name of the Vulnerable Software and Affected Versions: Samba versions 3.0.0 through 3.0.27a

Description: The issue is related to a stack-based buffer overflow in the send mailslot function in nmbd when the "domain logons" option is enabled. This can be exploited remotely via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request, potentially leading to the execution of arbitrary code. The exploitation of this issue may result in a violation of confidentiality, integrity, and availability of protected information.

Recommendations: For Samba versions 3.0.0 through 3.0.27a, update to version 3.0.28 or later to resolve the issue. As a temporary workaround, consider disabling the "domain logons" option to minimize the risk of exploitation. Restrict access to the nmbd service to reduce the attack surface until a patch is applied.