Vulnerability Details : CVE-2007-2447
Public exploit exists!
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Exploit prediction scoring system (EPSS) score for CVE-2007-2447
Probability of exploitation activity in the next 30 days: 75.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2007-2447
-
Samba "username map script" Command Execution
Disclosure Date: 2007-05-14First seen: 2020-04-26exploit/multi/samba/usermap_scriptThis module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary
CVSS scores for CVE-2007-2447
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.0
|
MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P |
6.8
|
6.4
|
NIST |
References for CVE-2007-2447
- http://www.vupen.com/english/advisories/2008/0050
-
http://www.vupen.com/english/advisories/2007/3229
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://www.vupen.com/english/advisories/2007/2210
- http://www.vupen.com/english/advisories/2007/2281
- http://security.gentoo.org/glsa/glsa-200705-15.xml
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062
- http://www.redhat.com/support/errata/RHSA-2007-0354.html
-
http://securityreason.com/securityalert/2700
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
- http://www.debian.org/security/2007/dsa-1291
-
http://www.kb.cert.org/vuls/id/268336
US Government Resource
- http://docs.info.apple.com/article.html?artnum=306172
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
- http://www.securityfocus.com/bid/25159
- http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
- http://www.vupen.com/english/advisories/2007/1805
- http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
-
http://www.securityfocus.com/bid/23972
Samba MS-RPC Remote Shell Command Execution Vulnerability
-
http://www.securitytracker.com/id?1018051
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
[Full-Disclosure] Mailing List Charter
-
http://www.samba.org/samba/security/CVE-2007-2447.html
Patch;Vendor Advisory
- http://www.ubuntu.com/usn/usn-460-1
- http://www.trustix.org/errata/2007/0017/
- http://www.securityfocus.com/archive/1/468670/100/0/threaded
-
http://www.vupen.com/english/advisories/2007/2732
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
- http://www.vupen.com/english/advisories/2007/2079
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
- http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
-
http://www.securityfocus.com/archive/1/468565/100/0/threaded
- https://issues.rpath.com/browse/RPL-1366
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Products affected by CVE-2007-2447
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*