6

CVE-2007-2447

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.0.0
SambaSamba Version3.0.1
SambaSamba Version3.0.2
SambaSamba Version3.0.2a
SambaSamba Version3.0.3
SambaSamba Version3.0.4
SambaSamba Version3.0.4 Updaterc1
SambaSamba Version3.0.5
SambaSamba Version3.0.6
SambaSamba Version3.0.7
SambaSamba Version3.0.8
SambaSamba Version3.0.9
SambaSamba Version3.0.10
SambaSamba Version3.0.11
SambaSamba Version3.0.12
SambaSamba Version3.0.13
SambaSamba Version3.0.14
SambaSamba Version3.0.14a
SambaSamba Version3.0.15
SambaSamba Version3.0.16
SambaSamba Version3.0.17
SambaSamba Version3.0.18
SambaSamba Version3.0.19
SambaSamba Version3.0.20
SambaSamba Version3.0.20a
SambaSamba Version3.0.20b
SambaSamba Version3.0.21
SambaSamba Version3.0.21a
SambaSamba Version3.0.21b
SambaSamba Version3.0.21c
SambaSamba Version3.0.22
SambaSamba Version3.0.23
SambaSamba Version3.0.23a
SambaSamba Version3.0.23b
SambaSamba Version3.0.23c
SambaSamba Version3.0.23d
SambaSamba Version3.0.24
SambaSamba Version3.0.25 Updatepre1
SambaSamba Version3.0.25 Updatepre2
SambaSamba Version3.0.25 Updaterc1
SambaSamba Version3.0.25 Updaterc2
SambaSamba Version3.0.25 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 49.76% 0.987
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6 6.8 6.4
AV:N/AC:M/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://www.vupen.com/english/advisories/2007/3229
http://docs.info.apple.com/article.html?artnum=306172
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://secunia.com/advisories/26235
http://www.securityfocus.com/bid/25159
http://www.vupen.com/english/advisories/2007/2732
http://secunia.com/advisories/26083
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
http://secunia.com/advisories/25255
Vendor Advisory
http://www.trustix.org/errata/2007/0017/
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
http://secunia.com/advisories/25232
Vendor Advisory
http://secunia.com/advisories/25241
Vendor Advisory
http://secunia.com/advisories/25246
Vendor Advisory
http://secunia.com/advisories/25251
Vendor Advisory
http://secunia.com/advisories/25256
Vendor Advisory
http://secunia.com/advisories/25259
Vendor Advisory
http://secunia.com/advisories/25270
Vendor Advisory
http://secunia.com/advisories/25289
http://secunia.com/advisories/25675
http://secunia.com/advisories/25772
http://security.gentoo.org/glsa/glsa-200705-15.xml
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
http://www.debian.org/security/2007/dsa-1291
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
http://www.securityfocus.com/archive/1/468670/100/0/threaded
http://www.ubuntu.com/usn/usn-460-1
http://www.vupen.com/english/advisories/2007/1805
http://www.vupen.com/english/advisories/2007/2210
http://www.vupen.com/english/advisories/2007/2281
https://issues.rpath.com/browse/RPL-1366
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
http://secunia.com/advisories/25257
Vendor Advisory
http://secunia.com/advisories/25567
http://secunia.com/advisories/28292
http://www.redhat.com/support/errata/RHSA-2007-0354.html
http://www.vupen.com/english/advisories/2007/2079
http://www.vupen.com/english/advisories/2008/0050
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://securityreason.com/securityalert/2700
http://www.kb.cert.org/vuls/id/268336
US Government Resource
http://www.osvdb.org/34700
http://www.samba.org/samba/security/CVE-2007-2447.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/468565/100/0/threaded
http://www.securityfocus.com/bid/23972
http://www.securitytracker.com/id?1018051
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062
http://www.openwall.com/lists/oss-security/2025/10/16/2