Vulnerability Details : CVE-2007-2447
Public exploit exists!
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Products affected by CVE-2007-2447
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-2447
78.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-2447
-
Samba "username map script" Command Execution
Disclosure Date: 2007-05-14First seen: 2020-04-26exploit/multi/samba/usermap_scriptThis module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary
CVSS scores for CVE-2007-2447
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
References for CVE-2007-2447
-
http://www.vupen.com/english/advisories/2008/0050
Site en construction
-
http://www.vupen.com/english/advisories/2007/3229
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.vupen.com/english/advisories/2007/2210
Site en construction
-
http://www.vupen.com/english/advisories/2007/2281
Site en construction
-
http://security.gentoo.org/glsa/glsa-200705-15.xml
Samba: Multiple vulnerabilities (GLSA 200705-15) — Gentoo security
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062
404 Not Found
-
http://www.redhat.com/support/errata/RHSA-2007-0354.html
Support
-
http://securityreason.com/securityalert/2700
Samba 3.0.0 - 3.0.25rc3: Remote Command Injection Vulnerability - CXSecurity.com
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
-
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
-
http://www.debian.org/security/2007/dsa-1291
Debian -- The Universal Operating System
-
http://www.kb.cert.org/vuls/id/268336
VU#268336 - Samba command injection vulnerabilityUS Government Resource
-
http://docs.info.apple.com/article.html?artnum=306172
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
-
http://www.securityfocus.com/bid/25159
-
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
Page not found – Xerox Nav Content- Production
-
http://www.vupen.com/english/advisories/2007/1805
Site en construction
-
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
Object not found!
-
http://www.securityfocus.com/bid/23972
Samba MS-RPC Remote Shell Command Execution Vulnerability
-
http://www.securitytracker.com/id?1018051
Access Denied
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
[Full-Disclosure] Mailing List Charter
-
http://www.samba.org/samba/security/CVE-2007-2447.html
Samba - Security Announcement ArchivePatch;Vendor Advisory
-
http://www.ubuntu.com/usn/usn-460-1
USN-460-1: Samba vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.trustix.org/errata/2007/0017/
Trustix | Empowering Trust and Security in the Digital Age
-
http://www.securityfocus.com/archive/1/468670/100/0/threaded
-
http://www.vupen.com/english/advisories/2007/2732
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
-
http://www.vupen.com/english/advisories/2007/2079
Site en construction
-
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
The Slackware Linux Project: Slackware Security Advisories
-
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
-
http://www.securityfocus.com/archive/1/468565/100/0/threaded
-
https://issues.rpath.com/browse/RPL-1366
-
http://www.novell.com/linux/security/advisories/2007_14_sr.html
Security - Support | SUSE
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Mandriva
Jump to