CVE-2007-2447

Severity

60%

Complexity

68%

Confidentiality

106%

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

Type

Samba

First reported 17 years ago

2007-05-14 21:19:00

Last updated 6 years ago

2018-10-16 16:43:00

Affected Software

Samba 3.0.0

3.0.0

Samba 3.0.1

3.0.1

Samba 3.0.2

3.0.2

Samba 3.0.2a

3.0.2a

Samba 3.0.3

3.0.3

Samba 3.0.4

3.0.4

Samba 3.0.4 release candidate 1

3.0.4

Samba 3.0.5

3.0.5

Samba 3.0.6

3.0.6

Samba 3.0.7

3.0.7

Samba 3.0.8

3.0.8

Samba 3.0.9

3.0.9

Samba 3.0.10

3.0.10

Samba 3.0.11

3.0.11

Samba 3.0.12

3.0.12

Samba 3.0.13

3.0.13

Samba 3.0.14

3.0.14

Samba 3.0.14a

3.0.14a

Samba 3.0.15

3.0.15

Samba 3.0.16

3.0.16

Samba 3.0.17

3.0.17

Samba 3.0.18

3.0.18

Samba 3.0.19

3.0.19

Samba 3.0.20

3.0.20

Samba 3.0.20a

3.0.20a

Samba 3.0.20b

3.0.20b

Samba 3.0.21

3.0.21

Samba 3.0.21a

3.0.21a

Samba 3.0.21b

3.0.21b

Samba 3.0.21c

3.0.21c

Samba 3.0.22

3.0.22

Samba 3.0.23

3.0.23

Samba 3.0.23a

3.0.23a

Samba 3.0.23b

3.0.23b

Samba 3.0.23c

3.0.23c

Samba 3.0.23d

3.0.23d

Samba 3.0.24

3.0.24

Samba 3.0.25 pre1

3.0.25

Samba 3.0.25 pre2

3.0.25

Samba 3.0.25 release candidate 1

3.0.25

Samba 3.0.25 release candiate 2

3.0.25

Samba 3.0.25 release candidate 3

3.0.25

References

http://docs.info.apple.com/article.html?artnum=306172

HPSBUX02218

HPSBTU02218

20070514 Samba SAMR Change Password Remote Command Injection Vulnerability

APPLE-SA-2007-07-31

20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

SUSE-SA:2007:031

25232

Vendor Advisory

25241

Vendor Advisory

25246

Vendor Advisory

25251

Vendor Advisory

25255

Vendor Advisory

25256

Vendor Advisory

25257

Vendor Advisory

25259

Vendor Advisory

25270

Vendor Advisory

25289

25567

25675

25772

26083

26235

26909

27706

28292

GLSA-200705-15

2700

SSA:2007-134-01

102964

200588

DSA-1291

VU#268336

US Government Resource

MDKSA-2007:104

SUSE-SR:2007:014

OpenPKG-SA-2007.012

34700

RHSA-2007:0354

http://www.samba.org/samba/security/CVE-2007-2447.html

Patch, Vendor Advisory

20070513 [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability

20070515 FLEA-2007-0017-1: samba

23972

25159

1018051

2007-0017

USN-460-1

ADV-2007-1805

ADV-2007-2079

ADV-2007-2210

ADV-2007-2281

ADV-2007-2732

ADV-2007-3229

ADV-2008-0050

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

https://issues.rpath.com/browse/RPL-1366

oval:org.mitre.oval:def:10062

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.