CVE-2007-0454

Name of the Vulnerable Software and Affected Versions: Samba versions 3.0.6 through 3.0.23d Samba version 3.0.24 and earlier

Description: The issue concerns multiple vulnerabilities in the Samba package, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. Specifically, a format string vulnerability exists in the afsacl.so VFS module, allowing context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system. This occurs because the module does not properly handle Windows ACL mapping.

Recommendations: For Samba versions 3.0.6 through 3.0.23d, update to version 3.0.24 or later to resolve the issue. For Samba version 3.0.24 and earlier, update to a version later than 3.0.24 to mitigate the risk. As a temporary workaround, consider restricting access to the afsacl.so VFS module to minimize the risk of exploitation.