Home > Vulnerability Database > CVE-2007-2447

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-2447

Date: May 14, 2007

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Severity Score

5.0

Related Resources (58)

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062

Url: http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html

Url: http://secunia.com/advisories/28292

Url: http://www.ubuntu.com/usn/usn-460-1

Url: https://issues.rpath.com/browse/RPL-1366

Url: http://secunia.com/advisories/26909

Url: http://www.redhat.com/support/errata/RHSA-2007-0354.html

Url: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980

Url: http://www.vupen.com/english/advisories/2007/2079

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-2447

Url: http://www.novell.com/linux/security/advisories/2007_14_sr.html

Url: http://secunia.com/advisories/25772

Url: http://secunia.com/advisories/25255

Url: http://secunia.com/advisories/25259

Url: http://secunia.com/advisories/25256

Url: http://secunia.com/advisories/25257

Url: http://secunia.com/advisories/26083

Url: http://secunia.com/advisories/25270

Url: http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html

Url: http://www.kb.cert.org/vuls/id/268336

Url: http://www.vupen.com/english/advisories/2008/0050

Url: http://www.vupen.com/english/advisories/2007/3229

Url: http://www.vupen.com/english/advisories/2007/2732

Url: http://securityreason.com/securityalert/2700

Url: http://www.debian.org/security/2007/dsa-1291

Url: http://www.vupen.com/english/advisories/2007/1805

Url: http://secunia.com/advisories/26235

Url: http://www.samba.org/samba/security/CVE-2007-2447.html

Url: http://docs.info.apple.com/article.html?artnum=306172

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1

Url: http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html

Url: http://www.vupen.com/english/advisories/2007/2210

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-2447

Url: http://www.trustix.org/errata/2007/0017/

Url: http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf

Url: http://www.securityfocus.com/archive/1/468565/100/0/threaded

Url: http://www.osvdb.org/34700

Url: http://www.securityfocus.com/archive/1/468670/100/0/threaded

Url: http://secunia.com/advisories/25232

Url: http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html

Url: http://secunia.com/advisories/25675

Url: http://www.securityfocus.com/bid/23972

Url: http://secunia.com/advisories/25251

Url: http://www.securityfocus.com/bid/25159

Url: http://www.vupen.com/english/advisories/2007/2281

Url: http://security.gentoo.org/glsa/glsa-200705-15.xml

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2007:104

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906

Url: http://secunia.com/advisories/27706

Url: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534

Url: http://secunia.com/advisories/25241

Url: http://www.securitytracker.com/id?1018051

Url: http://secunia.com/advisories/25567

Url: http://secunia.com/advisories/25289

Url: http://secunia.com/advisories/25246

Url: https://www.mend.io/vulnerability-database/CVE-2007-2447

Severity Score

5.0

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us