ID CVE-2007-2447
Summary The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
References
Vulnerable Configurations
  • cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
  • cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 16-10-2018 - 16:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication SINGLE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:01:03.644-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
family unix
id oval:org.mitre.oval:def:10062
status accepted
submitted 2010-07-09T03:56:16-04:00
title The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
version 30
redhat via4
advisories
bugzilla
id 239774
title CVE-2007-2447 samba code injection
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment samba is earlier than 0:3.0.10-1.4E.12.2
          oval oval:com.redhat.rhsa:tst:20070354001
        • comment samba is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060591002
      • AND
        • comment samba-client is earlier than 0:3.0.10-1.4E.12.2
          oval oval:com.redhat.rhsa:tst:20070354003
        • comment samba-client is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060591004
      • AND
        • comment samba-common is earlier than 0:3.0.10-1.4E.12.2
          oval oval:com.redhat.rhsa:tst:20070354005
        • comment samba-common is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060591006
      • AND
        • comment samba-swat is earlier than 0:3.0.10-1.4E.12.2
          oval oval:com.redhat.rhsa:tst:20070354007
        • comment samba-swat is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060591008
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331005
    • OR
      • AND
        • comment samba is earlier than 0:3.0.23c-2.el5.2.0.2
          oval oval:com.redhat.rhsa:tst:20070354010
        • comment samba is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061002
      • AND
        • comment samba-client is earlier than 0:3.0.23c-2.el5.2.0.2
          oval oval:com.redhat.rhsa:tst:20070354012
        • comment samba-client is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061004
      • AND
        • comment samba-common is earlier than 0:3.0.23c-2.el5.2.0.2
          oval oval:com.redhat.rhsa:tst:20070354014
        • comment samba-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061006
      • AND
        • comment samba-swat is earlier than 0:3.0.23c-2.el5.2.0.2
          oval oval:com.redhat.rhsa:tst:20070354016
        • comment samba-swat is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070061008
rhsa
id RHSA-2007:0354
released 2007-05-14
severity Critical
title RHSA-2007:0354: samba security update (Critical)
rpms
  • samba-0:2.2.12-1.21as.6
  • samba-0:3.0.10-1.4E.12.2
  • samba-0:3.0.23c-2.el5.2.0.2
  • samba-0:3.0.9-1.3E.13.2
  • samba-client-0:2.2.12-1.21as.6
  • samba-client-0:3.0.10-1.4E.12.2
  • samba-client-0:3.0.23c-2.el5.2.0.2
  • samba-client-0:3.0.9-1.3E.13.2
  • samba-common-0:2.2.12-1.21as.6
  • samba-common-0:3.0.10-1.4E.12.2
  • samba-common-0:3.0.23c-2.el5.2.0.2
  • samba-common-0:3.0.9-1.3E.13.2
  • samba-debuginfo-0:3.0.10-1.4E.12.2
  • samba-debuginfo-0:3.0.23c-2.el5.2.0.2
  • samba-debuginfo-0:3.0.9-1.3E.13.2
  • samba-swat-0:2.2.12-1.21as.6
  • samba-swat-0:3.0.10-1.4E.12.2
  • samba-swat-0:3.0.23c-2.el5.2.0.2
  • samba-swat-0:3.0.9-1.3E.13.2
refmap via4
apple APPLE-SA-2007-07-31
bid
  • 23972
  • 25159
bugtraq
  • 20070513 [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability
  • 20070515 FLEA-2007-0017-1: samba
cert-vn VU#268336
confirm
debian DSA-1291
fulldisc 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player
gentoo GLSA-200705-15
hp
  • HPSBTU02218
  • HPSBUX02218
  • SSRT071424
idefense 20070514 Samba SAMR Change Password Remote Command Injection Vulnerability
mandriva MDKSA-2007:104
openpkg OpenPKG-SA-2007.012
osvdb 34700
sectrack 1018051
secunia
  • 25232
  • 25241
  • 25246
  • 25251
  • 25255
  • 25256
  • 25257
  • 25259
  • 25270
  • 25289
  • 25567
  • 25675
  • 25772
  • 26083
  • 26235
  • 26909
  • 27706
  • 28292
slackware SSA:2007-134-01
sreason 2700
sunalert
  • 102964
  • 200588
suse
  • SUSE-SA:2007:031
  • SUSE-SR:2007:014
trustix 2007-0017
ubuntu USN-460-1
vupen
  • ADV-2007-1805
  • ADV-2007-2079
  • ADV-2007-2210
  • ADV-2007-2281
  • ADV-2007-2732
  • ADV-2007-3229
  • ADV-2008-0050
Last major update 16-10-2018 - 16:43
Published 14-05-2007 - 21:19
Last modified 16-10-2018 - 16:43