CVE-2007-2447

Loading...

General

Score:6.0/10.0
Severity:Medium
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:Multiple

Relative vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-2111, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 14/05/07 - Updated on 16/10/18

Description

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Category: N/A

NVD-CWE-Other (Other)
NVD is only using a subset of CWE for mapping instead of the entire CWE, and the weakness type is not covered by that subset.

Security Notices

US National Vulnerability DatabaseCVE-2007-2447
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2007-AVI-219, CERTA-2007-AVI-340, CERTA-2007-AVI-409, CERTA-2008-AVI-007
Oracle Linux ELSA-2017-0662, ELSA-2018-1860, ELSA-2018-3056
Renater 2007/VULN247, 2007/VULN289

Exploits

Exploit-DBEDB-16320
SecurityFocusBID-23972, BID-25159

Relative technologies

VendorProduct
sambasamba

Share this vulnerability with:

Twitter Facebook LinkedIn Mail