{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<p>Samba, versions 3.0.x.</p>","content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 dans la construction de r\u00e9ponses d'un serveur Samba \u00e0\ndes requ\u00eates Netbios permet \u00e0 un utilisateur malveillant d'ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n\nUne autre vuln\u00e9rabilit\u00e9, exploitable uniquement si le serveur Samba sert\nde contr\u00f4leur de domaine primaire ou secondaire, permet \u00e9galement \u00e0 un\nutilisateur malveillant d'ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2007-6015","url":"https://www.cve.org/CVERecord?id=CVE-2007-6015"},{"name":"CVE-2007-5398","url":"https://www.cve.org/CVERecord?id=CVE-2007-5398"},{"name":"CVE-2007-4572","url":"https://www.cve.org/CVERecord?id=CVE-2007-4572"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200711-29 du 20 novembre    2007 :","url":"http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml"},{"title":"Bulletin de s\u00e9curit\u00e9 Fedora 3402 du 15 novembre 2007 :","url":"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html"},{"title":"Bulletin de s\u00e9curit\u00e9 Debian DSA-1409 du 29 novembre 2007 :","url":"http://www.debian.org/security/2007/dsa-1409"},{"title":"Bulletin du projet Samba du 15 novembre 2007 :","url":"http://us1.samba.org/samba/history/security.html"},{"title":"Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:1013 du 15 novembre    2007 :","url":"http://rhn.redhat.com/errata/RHSA-2007-1013.html"},{"title":"Bulletin de s\u00e9curit\u00e9 HP-UX HPSBUX02316 du 10 mars 2008 :","url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=c01377687"},{"title":"Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:224-1 du 21    novembre 2007 :","url":"http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:224-1"},{"title":"Bulletin de s\u00e9curit\u00e9 Ubuntu USN-544-1 du 15 novembre 2007 :","url":"http://www.ubuntulinux.org/usn/usn-544-1"}],"reference":"CERTA-2007-AVI-502","revisions":[{"description":"version initiale.","revision_date":"2007-11-16T00:00:00.000000"},{"description":"ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Mandriva, Gentoo et Debian.","revision_date":"2007-11-30T00:00:00.000000"},{"description":"ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 HP-UX.","revision_date":"2008-03-13T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":null,"title":"Vuln\u00e9rabilit\u00e9s dans Samba","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 de Samba du 15 novembre 2007","url":null}]}