National Vulnerability Database (NVD) National Vulnerability Database (CVE-2007-2447)

National Cyber Awareness System

Vulnerability Summary for CVE-2007-2447

Original release date:05/14/2007

Last revised:03/08/2011

Source: US-CERT/NIST

Overview

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:6.0 (MEDIUM) (AV:N/AC:M/Au:S/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 6.8

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Medium

Authentication: Required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#268336

Name: VU#268336

Hyperlink:http://www.kb.cert.org/vuls/id/268336

External Source: BUGTRAQ

Name: 20070513 [SAMBA-SECURITY] CVE-2007-2447: Remote Command Injection Vulnerability

Type: Advisory; Patch Information

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/468565/100/0/threaded

External Source: CONFIRM

Name: http://www.samba.org/samba/security/CVE-2007-2447.html

Type: Advisory; Patch Information

Hyperlink:http://www.samba.org/samba/security/CVE-2007-2447.html

External Source: CONFIRM

Name: https://issues.rpath.com/browse/RPL-1366

Hyperlink:https://issues.rpath.com/browse/RPL-1366

External Source: VUPEN

Name: ADV-2008-0050

Hyperlink:http://www.vupen.com/english/advisories/2008/0050

External Source: VUPEN

Name: ADV-2007-3229

Hyperlink:http://www.vupen.com/english/advisories/2007/3229

External Source: VUPEN

Name: ADV-2007-2732

Hyperlink:http://www.vupen.com/english/advisories/2007/2732

External Source: VUPEN

Name: ADV-2007-2281

Hyperlink:http://www.vupen.com/english/advisories/2007/2281

External Source: VUPEN

Name: ADV-2007-2210

Hyperlink:http://www.vupen.com/english/advisories/2007/2210

External Source: VUPEN

Name: ADV-2007-2079

Hyperlink:http://www.vupen.com/english/advisories/2007/2079

External Source: VUPEN

Name: ADV-2007-1805

Hyperlink:http://www.vupen.com/english/advisories/2007/1805

External Source: UBUNTU

Name: USN-460-1

Hyperlink:http://www.ubuntu.com/usn/usn-460-1

External Source: TRUSTIX

Name: 2007-0017

Hyperlink:http://www.trustix.org/errata/2007/0017/

External Source: SECTRACK

Name: 1018051

Hyperlink:http://www.securitytracker.com/id?1018051

External Source: BID

Name: 23972

Hyperlink:http://www.securityfocus.com/bid/23972

External Source: BUGTRAQ

Name: 20070515 FLEA-2007-0017-1: samba

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/468670/100/0/threaded

External Source: REDHAT

Name: RHSA-2007:0354

Hyperlink:http://www.redhat.com/support/errata/RHSA-2007-0354.html

External Source: OSVDB

Name: 34700

Hyperlink:http://www.osvdb.org/34700

External Source: DEBIAN

Name: DSA-1291

Hyperlink:http://www.debian.org/security/2007/dsa-1291

External Source: SLACKWARE

Name: SSA:2007-134-01

Hyperlink:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906

External Source: GENTOO

Name: GLSA-200705-15

Hyperlink:http://security.gentoo.org/glsa/glsa-200705-15.xml

External Source: SECUNIA

Name: 25270

Type: Advisory

Hyperlink:http://secunia.com/advisories/25270

External Source: SECUNIA

Name: 25259

Type: Advisory

Hyperlink:http://secunia.com/advisories/25259

External Source: SECUNIA

Name: 25257

Type: Advisory

Hyperlink:http://secunia.com/advisories/25257

External Source: SECUNIA

Name: 25256

Type: Advisory

Hyperlink:http://secunia.com/advisories/25256

External Source: SECUNIA

Name: 25255

Type: Advisory

Hyperlink:http://secunia.com/advisories/25255

External Source: SECUNIA

Name: 25251

Type: Advisory

Hyperlink:http://secunia.com/advisories/25251

External Source: SECUNIA

Name: 25246

Type: Advisory

Hyperlink:http://secunia.com/advisories/25246

External Source: SECUNIA

Name: 25241

Type: Advisory

Hyperlink:http://secunia.com/advisories/25241

External Source: SECUNIA

Name: 25232

Type: Advisory

Hyperlink:http://secunia.com/advisories/25232

External Source: OVAL

Name: oval:org.mitre.oval:def:10062

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10062

External Source: IDEFENSE

Name: 20070514 Samba SAMR Change Password Remote Command Injection Vulnerability

Hyperlink:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534

External Source: HP

Name: SSRT071424

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768

External Source: CONFIRM

Name: http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

Hyperlink:http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

External Source: BID

Name: 25159

Hyperlink:http://www.securityfocus.com/bid/25159

External Source: OPENPKG

Name: OpenPKG-SA-2007.012

Hyperlink:http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html

External Source: SUSE

Name: SUSE-SR:2007:014

Hyperlink:http://www.novell.com/linux/security/advisories/2007_14_sr.html

External Source: MANDRIVA

Name: MDKSA-2007:104

Hyperlink:http://www.mandriva.com/security/advisories?name=MDKSA-2007:104

External Source: SUNALERT

Name: 200588

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1

External Source: SUNALERT

Name: 102964

Hyperlink:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1

External Source: SREASON

Name: 2700

Hyperlink:http://securityreason.com/securityalert/2700

External Source: SECUNIA

Name: 28292

Hyperlink:http://secunia.com/advisories/28292

External Source: SECUNIA

Name: 27706

Hyperlink:http://secunia.com/advisories/27706

External Source: SECUNIA

Name: 26909

Hyperlink:http://secunia.com/advisories/26909

External Source: SECUNIA

Name: 26235

Hyperlink:http://secunia.com/advisories/26235

External Source: SECUNIA

Name: 26083

Hyperlink:http://secunia.com/advisories/26083

External Source: SECUNIA

Name: 25772

Hyperlink:http://secunia.com/advisories/25772

External Source: SECUNIA

Name: 25675

Hyperlink:http://secunia.com/advisories/25675

External Source: SECUNIA

Name: 25567

Hyperlink:http://secunia.com/advisories/25567

External Source: SECUNIA

Name: 25289

Hyperlink:http://secunia.com/advisories/25289

External Source: SUSE

Name: SUSE-SA:2007:031

Hyperlink:http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html

External Source: FULLDISC

Name: 20070920 VMSA-2007-0006 Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player

Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

External Source: APPLE

Name: APPLE-SA-2007-07-31

Hyperlink:http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

External Source: HP

Name: HPSBTU02218

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980

External Source: HP

Name: SSRT071424

Hyperlink:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768

External Source: CONFIRM

Name: http://docs.info.apple.com/article.html?artnum=306172

Hyperlink:http://docs.info.apple.com/article.html?artnum=306172

References to Check Content

Identifier:oval:org.mitre.oval:def:10062

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10062

Vulnerable software and versions

Configuration 1

* cpe:/a:samba:samba:3.0.0

* cpe:/a:samba:samba:3.0.1

* cpe:/a:samba:samba:3.0.10

* cpe:/a:samba:samba:3.0.11

* cpe:/a:samba:samba:3.0.12

* cpe:/a:samba:samba:3.0.13

* cpe:/a:samba:samba:3.0.14

* cpe:/a:samba:samba:3.0.14a

* cpe:/a:samba:samba:3.0.15

* cpe:/a:samba:samba:3.0.16

* cpe:/a:samba:samba:3.0.17

* cpe:/a:samba:samba:3.0.18

* cpe:/a:samba:samba:3.0.19

* cpe:/a:samba:samba:3.0.2

* cpe:/a:samba:samba:3.0.20

* cpe:/a:samba:samba:3.0.20a

* cpe:/a:samba:samba:3.0.20b

* cpe:/a:samba:samba:3.0.21

* cpe:/a:samba:samba:3.0.21a

* cpe:/a:samba:samba:3.0.21b

* cpe:/a:samba:samba:3.0.21c

* cpe:/a:samba:samba:3.0.22

* cpe:/a:samba:samba:3.0.23

* cpe:/a:samba:samba:3.0.23a

* cpe:/a:samba:samba:3.0.23b

* cpe:/a:samba:samba:3.0.23c

* cpe:/a:samba:samba:3.0.23d

* cpe:/a:samba:samba:3.0.24

* cpe:/a:samba:samba:3.0.25:pre1

* cpe:/a:samba:samba:3.0.25:pre2

* cpe:/a:samba:samba:3.0.25:rc1

* cpe:/a:samba:samba:3.0.25:rc2

* cpe:/a:samba:samba:3.0.25:rc3

* cpe:/a:samba:samba:3.0.2a

* cpe:/a:samba:samba:3.0.3

* cpe:/a:samba:samba:3.0.4

* cpe:/a:samba:samba:3.0.4:rc1

* cpe:/a:samba:samba:3.0.5

* cpe:/a:samba:samba:3.0.6

* cpe:/a:samba:samba:3.0.7

* cpe:/a:samba:samba:3.0.8

* cpe:/a:samba:samba:3.0.9

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447