Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

0

CVE-2007-2447

Disclosure Date: May 14, 2007 •

Description

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the “username map script” smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

Metasploit Modules

Samba "username map script" Command Execution (https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/samba/usermap_script.rb)

References

Canonical

CVE-2007-2447 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447)

BID-23972 (http://www.securityfocus.com/bid/23972)

BID-25159 (http://www.securityfocus.com/bid/25159)

Advisory

GLSA-200705-15 (http://security.gentoo.org/glsa/glsa-200705-15.xml)

SECUNIA-25289 (http://secunia.com/advisories/25289)

20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player (http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

ADV-2007-2732 (http://www.vupen.com/english/advisories/2007/2732)

ADV-2007-1805 (http://www.vupen.com/english/advisories/2007/1805)

SECUNIA-26083 (http://secunia.com/advisories/26083)

ADV-2007-3229 (http://www.vupen.com/english/advisories/2007/3229)

SECUNIA-25772 (http://secunia.com/advisories/25772)

HPSBUX02218 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768)

20070513 [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability (http://www.securityfocus.com/archive/1/468565/100/0/threaded)

SECUNIA-25257 (http://secunia.com/advisories/25257)

VU#268336 (http://www.kb.cert.org/vuls/id/268336)

http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html

SECUNIA-25270 (http://secunia.com/advisories/25270)

20070515 FLEA-2007-0017-1: samba (http://www.securityfocus.com/archive/1/468670/100/0/threaded)

http://www.novell.com/linux/security/advisories/2007_14_sr.html

APPLE-SA-2007-07-31 (http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html)

ADV-2007-2281 (http://www.vupen.com/english/advisories/2007/2281)

ADV-2007-2210 (http://www.vupen.com/english/advisories/2007/2210)

HPSBTU02218 (http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980)

USN-460-1 (http://www.ubuntu.com/usn/usn-460-1)

SECUNIA-25567 (http://secunia.com/advisories/25567)

SECUNIA-25241 (http://secunia.com/advisories/25241)

SECUNIA-28292 (http://secunia.com/advisories/28292)

http://www.samba.org/samba/security/CVE-2007-2447.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:104

SECUNIA-25256 (http://secunia.com/advisories/25256)

https://issues.rpath.com/browse/RPL-1366

SECUNIA-25259 (http://secunia.com/advisories/25259)

OSVDB-34700 (http://www.osvdb.org/34700)

SUNALERT-102964 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1)

SECUNIA-26909 (http://secunia.com/advisories/26909)

ADV-2008-0050 (http://www.vupen.com/english/advisories/2008/0050)

SECUNIA-27706 (http://secunia.com/advisories/27706)

DSA-1291 (http://www.debian.org/security/2007/dsa-1291)

SECTRACK-1018051 (http://www.securitytracker.com/id?1018051)

http://docs.info.apple.com/article.html?artnum=306172

SREASON-2700 (http://securityreason.com/securityalert/2700)

SECUNIA-25232 (http://secunia.com/advisories/25232)

SECUNIA-25251 (http://secunia.com/advisories/25251)

SUNALERT-200588 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1)

SECUNIA-25246 (http://secunia.com/advisories/25246)

SECUNIA-25255 (http://secunia.com/advisories/25255)

http://www.redhat.com/support/errata/RHSA-2007-0354.html

SECUNIA-26235 (http://secunia.com/advisories/26235)

SECUNIA-25675 (http://secunia.com/advisories/25675)

ADV-2007-2079 (http://www.vupen.com/english/advisories/2007/2079)

Miscellaneous

OpenPKG-SA-2007.012 (http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html)

2007-0017 (http://www.trustix.org/errata/2007/0017)

http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906

20070514 Samba SAMR Change Password Remote Command Injection Vulnerability (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534)

Rapid7

Technical Analysis