CVE-2007-2447

Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution

Severity Score

6.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

La funcionalidad MS-RPC en mbd en Samba 3.0.0 hasta la 3.0.25rc3 permite a atacantes remotos ejecutar comandos de su elección a través del intérprete de comandos (shell) de metacaracteres afectando a la (1) función SamrChangePassword, cuando la opción "secuencia de comandos del mapa del nombre de usuario" smb.conf está activada, y permite a usuarios remotos validados ejecutar comandos a través del intérprete de comandos (shell) de metacaracteres afectando a otras funciones MS-RPC en la (2)impresora remota y (3)gestión de ficheros compartidos.

*Credits: N/A

CVSS Scores

NISTv2 6.0

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-05-02 CVE Reserved
2007-05-14 CVE Published
2010-08-18 First Exploit
2024-08-07 CVE Updated
2024-10-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (81)

URL	Tag	Source
http://docs.info.apple.com/article.html?artnum=306172	X_refsource_confirm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534	Third Party Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	Mailing List
http://secunia.com/advisories/25289	Third Party Advisory
http://secunia.com/advisories/25567	Third Party Advisory
http://secunia.com/advisories/25675	Third Party Advisory
http://secunia.com/advisories/25772	Third Party Advisory
http://secunia.com/advisories/26083	Third Party Advisory
http://secunia.com/advisories/26235	Third Party Advisory
http://secunia.com/advisories/26909	Third Party Advisory
http://secunia.com/advisories/27706	Third Party Advisory
http://secunia.com/advisories/28292	Third Party Advisory
http://securityreason.com/securityalert/2700	Third Party Advisory
http://www.kb.cert.org/vuls/id/268336	Third Party Advisory
http://www.osvdb.org/34700	Vdb Entry
http://www.securityfocus.com/archive/1/468565/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/468670/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/23972	Vdb Entry
http://www.securityfocus.com/bid/25159	Vdb Entry
http://www.securitytracker.com/id?1018051	Vdb Entry
http://www.vupen.com/english/advisories/2007/1805	Vdb Entry
http://www.vupen.com/english/advisories/2007/2079	Vdb Entry
http://www.vupen.com/english/advisories/2007/2210	Vdb Entry
http://www.vupen.com/english/advisories/2007/2281	Vdb Entry
http://www.vupen.com/english/advisories/2007/2732	Vdb Entry
http://www.vupen.com/english/advisories/2007/3229	Vdb Entry
http://www.vupen.com/english/advisories/2008/0050	Vdb Entry
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf	X_refsource_confirm
https://issues.rpath.com/browse/RPL-1366	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/16320	2010-08-18
https://github.com/amriunix/CVE-2007-2447	2020-08-16
https://github.com/Ziemni/CVE-2007-2447-in-Python	2021-02-22
https://github.com/ozuma/CVE-2007-2447	2021-03-14
https://github.com/Alien0ne/CVE-2007-2447	2021-06-30
https://github.com/N3rdyN3xus/CVE-2007-2447	2024-08-31
https://github.com/un4gi/CVE-2007-2447	2021-04-12
https://github.com/xbufu/CVE-2007-2447	2021-10-03
https://github.com/mr-l0n3lly/CVE-2007-2447	2022-07-20
https://github.com/0xKn/CVE-2007-2447	2021-03-06
https://github.com/xlcc4096/exploit-CVE-2007-2447	2020-12-06
https://github.com/3x1t1um/CVE-2007-2447	2020-08-04
https://github.com/G01d3nW01f/CVE-2007-2447	2021-04-16
https://github.com/Aviksaikat/CVE-2007-2447	2023-10-17
https://github.com/0xTabun/CVE-2007-2447	2023-09-16
https://github.com/s4msec/CVE-2007-2447	2023-03-20
https://github.com/0xConstant/CVE-2007-2447	2022-04-14
https://github.com/cherrera0001/CVE-2007-2447	2020-08-16
https://github.com/JoseBarrios/CVE-2007-2447	2020-01-20
https://github.com/testaross4/CVE-2007-2447	2022-05-13
https://github.com/MikeRega7/CVE-2007-2447-RCE	2023-06-15
https://github.com/IamLucif3r/CVE-2007-2447-Exploit	2024-07-08
https://github.com/ShivamDey/Samba-CVE-2007-2447-Exploit	2023-10-21
https://github.com/3t4n/samba-3.0.24-CVE-2007-2447-vunerable-	2021-07-23

URL	Date	SRC
http://www.samba.org/samba/security/CVE-2007-2447.html	2018-10-16

URL	Date	SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768	2018-10-16
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980	2018-10-16
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	2018-10-16
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html	2018-10-16
http://secunia.com/advisories/25232	2018-10-16
http://secunia.com/advisories/25241	2018-10-16
http://secunia.com/advisories/25246	2018-10-16
http://secunia.com/advisories/25251	2018-10-16
http://secunia.com/advisories/25255	2018-10-16
http://secunia.com/advisories/25256	2018-10-16
http://secunia.com/advisories/25257	2018-10-16
http://secunia.com/advisories/25259	2018-10-16
http://secunia.com/advisories/25270	2018-10-16
http://security.gentoo.org/glsa/glsa-200705-15.xml	2018-10-16
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906	2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1	2018-10-16
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1	2018-10-16
http://www.debian.org/security/2007/dsa-1291	2018-10-16
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104	2018-10-16
http://www.novell.com/linux/security/advisories/2007_14_sr.html	2018-10-16
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html	2018-10-16
http://www.redhat.com/support/errata/RHSA-2007-0354.html	2018-10-16
http://www.trustix.org/errata/2007/0017	2018-10-16
http://www.ubuntu.com/usn/usn-460-1	2018-10-16
https://access.redhat.com/security/cve/CVE-2007-2447	2007-05-14
https://bugzilla.redhat.com/show_bug.cgi?id=239774	2007-05-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.0 Search vendor "Samba" for product "Samba" and version "3.0.0"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.1 Search vendor "Samba" for product "Samba" and version "3.0.1"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.2 Search vendor "Samba" for product "Samba" and version "3.0.2"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.2a Search vendor "Samba" for product "Samba" and version "3.0.2a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.3 Search vendor "Samba" for product "Samba" and version "3.0.3"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.4 Search vendor "Samba" for product "Samba" and version "3.0.4"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.4 Search vendor "Samba" for product "Samba" and version "3.0.4"		rc1		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.5 Search vendor "Samba" for product "Samba" and version "3.0.5"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.6 Search vendor "Samba" for product "Samba" and version "3.0.6"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.7 Search vendor "Samba" for product "Samba" and version "3.0.7"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.8 Search vendor "Samba" for product "Samba" and version "3.0.8"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.9 Search vendor "Samba" for product "Samba" and version "3.0.9"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.10 Search vendor "Samba" for product "Samba" and version "3.0.10"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.11 Search vendor "Samba" for product "Samba" and version "3.0.11"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.12 Search vendor "Samba" for product "Samba" and version "3.0.12"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.13 Search vendor "Samba" for product "Samba" and version "3.0.13"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.14 Search vendor "Samba" for product "Samba" and version "3.0.14"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.14a Search vendor "Samba" for product "Samba" and version "3.0.14a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.15 Search vendor "Samba" for product "Samba" and version "3.0.15"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.16 Search vendor "Samba" for product "Samba" and version "3.0.16"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.17 Search vendor "Samba" for product "Samba" and version "3.0.17"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.18 Search vendor "Samba" for product "Samba" and version "3.0.18"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.19 Search vendor "Samba" for product "Samba" and version "3.0.19"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20 Search vendor "Samba" for product "Samba" and version "3.0.20"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20a Search vendor "Samba" for product "Samba" and version "3.0.20a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.20b Search vendor "Samba" for product "Samba" and version "3.0.20b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21 Search vendor "Samba" for product "Samba" and version "3.0.21"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21a Search vendor "Samba" for product "Samba" and version "3.0.21a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21b Search vendor "Samba" for product "Samba" and version "3.0.21b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.21c Search vendor "Samba" for product "Samba" and version "3.0.21c"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.22 Search vendor "Samba" for product "Samba" and version "3.0.22"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23 Search vendor "Samba" for product "Samba" and version "3.0.23"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23a Search vendor "Samba" for product "Samba" and version "3.0.23a"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23b Search vendor "Samba" for product "Samba" and version "3.0.23b"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23c Search vendor "Samba" for product "Samba" and version "3.0.23c"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.23d Search vendor "Samba" for product "Samba" and version "3.0.23d"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.24 Search vendor "Samba" for product "Samba" and version "3.0.24"		-		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		pre1		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		pre2		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		rc1		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		rc2		Affected
Samba Search vendor "Samba"		Samba Search vendor "Samba" for product "Samba"				3.0.25 Search vendor "Samba" for product "Samba" and version "3.0.25"		rc3		Affected