CVE-2007-2447
First published: Mon May 14 2007(Updated: )
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samba | =3.0.19 | |
| Samba | =3.0.14a | |
| Samba | =3.0.3 | |
| Samba | =3.0.8 | |
| Samba | =3.0.25-pre2 | |
| Samba | =3.0.2a | |
| Samba | =3.0.5 | |
| Samba | =3.0.6 | |
| Samba | =3.0.21a | |
| Samba | =3.0.25-rc1 | |
| Samba | =3.0.23 | |
| Samba | =3.0.4-rc1 | |
| Samba | =3.0.20a | |
| Samba | =3.0.21b | |
| Samba | =3.0.0 | |
| Samba | =3.0.9 | |
| Samba | =3.0.11 | |
| Samba | =3.0.7 | |
| Samba | =3.0.13 | |
| Samba | =3.0.20b | |
| Samba | =3.0.16 | |
| Samba | =3.0.17 | |
| Samba | =3.0.21 | |
| Samba | =3.0.14 | |
| Samba | =3.0.25-pre1 | |
| Samba | =3.0.21c | |
| Samba | =3.0.23b | |
| Samba | =3.0.25-rc3 | |
| Samba | =3.0.2 | |
| Samba | =3.0.12 | |
| Samba | =3.0.20 | |
| Samba | =3.0.18 | |
| Samba | =3.0.24 | |
| Samba | =3.0.10 | |
| Samba | =3.0.23d | |
| Samba | =3.0.25-rc2 | |
| Samba | =3.0.23c | |
| Samba | =3.0.15 | |
| Samba | =3.0.23a | |
| Samba | =3.0.4 | |
| Samba | =3.0.1 | |
| Samba | =3.0.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.samba.org/samba/security/CVE-2007-2447.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
- https://issues.rpath.com/browse/RPL-1366
- http://www.redhat.com/support/errata/RHSA-2007-0354.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
- http://www.kb.cert.org/vuls/id/268336
- http://www.securityfocus.com/bid/23972
- http://secunia.com/advisories/25241
- http://secunia.com/advisories/25246
- http://secunia.com/advisories/25256
- http://secunia.com/advisories/25257
- http://www.debian.org/security/2007/dsa-1291
- http://security.gentoo.org/glsa/glsa-200705-15.xml
- http://www.trustix.org/errata/2007/0017/
- http://www.ubuntu.com/usn/usn-460-1
- http://www.osvdb.org/34700
- http://www.securitytracker.com/id?1018051
- http://secunia.com/advisories/25232
- http://secunia.com/advisories/25251
- http://secunia.com/advisories/25270
- http://secunia.com/advisories/25259
- http://secunia.com/advisories/25255
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
- http://docs.info.apple.com/article.html?artnum=306172
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
- http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- http://www.securityfocus.com/bid/25159
- http://secunia.com/advisories/25289
- http://secunia.com/advisories/25567
- http://secunia.com/advisories/25675
- http://secunia.com/advisories/25772
- http://secunia.com/advisories/26083
- http://secunia.com/advisories/26235
- http://secunia.com/advisories/26909
- http://secunia.com/advisories/27706
- http://securityreason.com/securityalert/2700
- http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
- http://secunia.com/advisories/28292
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
- http://www.vupen.com/english/advisories/2007/2281
- http://www.vupen.com/english/advisories/2007/3229
- http://www.vupen.com/english/advisories/2007/2210
- http://www.vupen.com/english/advisories/2007/1805
- http://www.vupen.com/english/advisories/2007/2079
- http://www.vupen.com/english/advisories/2007/2732
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
- http://www.vupen.com/english/advisories/2008/0050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062
- http://www.securityfocus.com/archive/1/468670/100/0/threaded
- http://www.securityfocus.com/archive/1/468565/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-2447?
CVE-2007-2447 is considered a high severity vulnerability due to the risk of remote command execution.
How do I fix CVE-2007-2447?
To fix CVE-2007-2447, update your Samba installation to a version later than 3.0.25rc3.
What systems are affected by CVE-2007-2447?
CVE-2007-2447 affects Samba versions 3.0.0 up to 3.0.25rc3.
Can CVE-2007-2447 be exploited remotely?
Yes, CVE-2007-2447 can be exploited remotely by sending specially crafted commands.
What is the impact of CVE-2007-2447 on system security?
The impact of CVE-2007-2447 includes potential unauthorized access and control over affected systems.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/samba
- canonical/samba
- version/samba/3.0.19
- version/samba/3.0.14a
- version/samba/3.0.3
- version/samba/3.0.8
- version/samba/3.0.25-pre2
- version/samba/3.0.2a
- version/samba/3.0.5
- version/samba/3.0.6
- version/samba/3.0.21a
- version/samba/3.0.25-rc1
- version/samba/3.0.23
- version/samba/3.0.4-rc1
- version/samba/3.0.20a
- version/samba/3.0.21b
- version/samba/3.0.0
- version/samba/3.0.9
- version/samba/3.0.11
- version/samba/3.0.7
- version/samba/3.0.13
- version/samba/3.0.20b
- version/samba/3.0.16
- version/samba/3.0.17
- version/samba/3.0.21
- version/samba/3.0.14
- version/samba/3.0.25-pre1
- version/samba/3.0.21c
- version/samba/3.0.23b
- version/samba/3.0.25-rc3
- version/samba/3.0.2
- version/samba/3.0.12
- version/samba/3.0.20
- version/samba/3.0.18
- version/samba/3.0.24
- version/samba/3.0.10
- version/samba/3.0.23d
- version/samba/3.0.25-rc2
- version/samba/3.0.23c
- version/samba/3.0.15
- version/samba/3.0.23a
- version/samba/3.0.4
- version/samba/3.0.1
- version/samba/3.0.22