SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2007-2447

Date: (C)2007-05-14 (M)2023-12-22

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.0
Exploit Score: 6.8
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1018051

SUNALERT-102964

SUNALERT-200588

http://www.securityfocus.com/archive/1/468565/100/0/threaded

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534

http://www.securityfocus.com/archive/1/468670/100/0/threaded

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

APPLE-SA-2007-07-31

OpenPKG-SA-2007.012

SSA:2007-134-01

SUSE-SA:2007:031

SUSE-SR:2007:014

http://docs.info.apple.com/article.html?artnum=306172

http://www.samba.org/samba/security/CVE-2007-2447.html

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

https://issues.rpath.com/browse/RPL-1366

oval:org.mitre.oval:def:10062

cpe:/a:samba:samba:3.0.2a
cpe:/a:samba:samba:3.0.21a
cpe:/a:samba:samba:3.0.23c
cpe:/a:samba:samba:3.0.23b
...

© SecPod Technologies