NVD Vulnerability Detail

CVE-2007-2447

Summary	The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Summary	La funcionalidad MS-RPC en mbd en Samba 3.0.0 hasta la 3.0.25rc3 permite a atacantes remotos ejecutar comandos de su elección a través del intérprete de comandos (shell) de metacaracteres afectando a la (1) función SamrChangePassword, cuando la opción "secuencia de comandos del mapa del nombre de usuario" smb.conf está activada, y permite a usuarios remotos validados ejecutar comandos a través del intérprete de comandos (shell) de metacaracteres afectando a otras funciones MS-RPC en la (2)impresora remota y (3)gestión de ficheros compartidos.
Publication Date	May 15, 2007, 6:19 a.m.
Registration Date	Jan. 29, 2021, 2:12 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	6.0
Vector	AV:N/AC:M/Au:S/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	単一
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:samba:samba:3.0.0:::::::*
cpe:2.3:a:samba:samba:3.0.1:::::::*
cpe:2.3:a:samba:samba:3.0.2:::::::*
cpe:2.3:a:samba:samba:3.0.2a:::::::*
cpe:2.3:a:samba:samba:3.0.3:::::::*
cpe:2.3:a:samba:samba:3.0.4:::::::*
cpe:2.3:a:samba:samba:3.0.4:rc1::::::
cpe:2.3:a:samba:samba:3.0.5:::::::*
cpe:2.3:a:samba:samba:3.0.6:::::::*
cpe:2.3:a:samba:samba:3.0.7:::::::*
cpe:2.3:a:samba:samba:3.0.8:::::::*
cpe:2.3:a:samba:samba:3.0.9:::::::*
cpe:2.3:a:samba:samba:3.0.10:::::::*
cpe:2.3:a:samba:samba:3.0.11:::::::*
cpe:2.3:a:samba:samba:3.0.12:::::::*
cpe:2.3:a:samba:samba:3.0.13:::::::*
cpe:2.3:a:samba:samba:3.0.14:::::::*
cpe:2.3:a:samba:samba:3.0.14a:::::::*
cpe:2.3:a:samba:samba:3.0.15:::::::*
cpe:2.3:a:samba:samba:3.0.16:::::::*
cpe:2.3:a:samba:samba:3.0.17:::::::*
cpe:2.3:a:samba:samba:3.0.18:::::::*
cpe:2.3:a:samba:samba:3.0.19:::::::*
cpe:2.3:a:samba:samba:3.0.20:::::::*
cpe:2.3:a:samba:samba:3.0.20a:::::::*
cpe:2.3:a:samba:samba:3.0.20b:::::::*
cpe:2.3:a:samba:samba:3.0.21:::::::*
cpe:2.3:a:samba:samba:3.0.21a:::::::*
cpe:2.3:a:samba:samba:3.0.21b:::::::*
cpe:2.3:a:samba:samba:3.0.21c:::::::*
cpe:2.3:a:samba:samba:3.0.22:::::::*
cpe:2.3:a:samba:samba:3.0.23:::::::*
cpe:2.3:a:samba:samba:3.0.23a:::::::*
cpe:2.3:a:samba:samba:3.0.23b:::::::*
cpe:2.3:a:samba:samba:3.0.23c:::::::*
cpe:2.3:a:samba:samba:3.0.23d:::::::*
cpe:2.3:a:samba:samba:3.0.24:::::::*
cpe:2.3:a:samba:samba:3.0.25:pre1::::::
cpe:2.3:a:samba:samba:3.0.25:pre2::::::
cpe:2.3:a:samba:samba:3.0.25:rc1::::::
cpe:2.3:a:samba:samba:3.0.25:rc2::::::
cpe:2.3:a:samba:samba:3.0.25:rc3::::::

Related information, measures and tools

No	URL	refsource
1	http://docs.info.apple.com/article.html?artnum=306172	secalert@redhat.com
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768	secalert@redhat.com
3	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980	secalert@redhat.com
4	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534	secalert@redhat.com
5	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	secalert@redhat.com
6	http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	secalert@redhat.com
7	http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html	secalert@redhat.com
8	http://secunia.com/advisories/25232	secalert@redhat.com
9	http://secunia.com/advisories/25241	secalert@redhat.com
10	http://secunia.com/advisories/25246	secalert@redhat.com
11	http://secunia.com/advisories/25251	secalert@redhat.com
12	http://secunia.com/advisories/25255	secalert@redhat.com
13	http://secunia.com/advisories/25256	secalert@redhat.com
14	http://secunia.com/advisories/25257	secalert@redhat.com
15	http://secunia.com/advisories/25259	secalert@redhat.com
16	http://secunia.com/advisories/25270	secalert@redhat.com
17	http://secunia.com/advisories/25289	secalert@redhat.com
18	http://secunia.com/advisories/25567	secalert@redhat.com
19	http://secunia.com/advisories/25675	secalert@redhat.com
20	http://secunia.com/advisories/25772	secalert@redhat.com
21	http://secunia.com/advisories/26083	secalert@redhat.com
22	http://secunia.com/advisories/26235	secalert@redhat.com
23	http://secunia.com/advisories/26909	secalert@redhat.com
24	http://secunia.com/advisories/27706	secalert@redhat.com
25	http://secunia.com/advisories/28292	secalert@redhat.com
26	http://security.gentoo.org/glsa/glsa-200705-15.xml	secalert@redhat.com
27	http://securityreason.com/securityalert/2700	secalert@redhat.com
28	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906	secalert@redhat.com
29	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1	secalert@redhat.com
30	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1	secalert@redhat.com
31	http://www.debian.org/security/2007/dsa-1291	secalert@redhat.com
32	http://www.kb.cert.org/vuls/id/268336	secalert@redhat.com
33	http://www.mandriva.com/security/advisories?name=MDKSA-2007:104	secalert@redhat.com
34	http://www.novell.com/linux/security/advisories/2007_14_sr.html	secalert@redhat.com
35	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html	secalert@redhat.com
36	http://www.osvdb.org/34700	secalert@redhat.com
37	http://www.redhat.com/support/errata/RHSA-2007-0354.html	secalert@redhat.com
38	http://www.samba.org/samba/security/CVE-2007-2447.html	secalert@redhat.com
39	http://www.securityfocus.com/archive/1/468565/100/0/threaded	secalert@redhat.com
40	http://www.securityfocus.com/archive/1/468670/100/0/threaded	secalert@redhat.com
41	http://www.securityfocus.com/bid/23972	secalert@redhat.com
42	http://www.securityfocus.com/bid/25159	secalert@redhat.com
43	http://www.securitytracker.com/id?1018051	secalert@redhat.com
44	http://www.trustix.org/errata/2007/0017/	secalert@redhat.com
45	http://www.ubuntu.com/usn/usn-460-1	secalert@redhat.com
46	http://www.vupen.com/english/advisories/2007/1805	secalert@redhat.com
47	http://www.vupen.com/english/advisories/2007/2079	secalert@redhat.com
48	http://www.vupen.com/english/advisories/2007/2210	secalert@redhat.com
49	http://www.vupen.com/english/advisories/2007/2281	secalert@redhat.com
50	http://www.vupen.com/english/advisories/2007/2732	secalert@redhat.com
51	http://www.vupen.com/english/advisories/2007/3229	secalert@redhat.com
52	http://www.vupen.com/english/advisories/2008/0050	secalert@redhat.com
53	http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf	secalert@redhat.com
54	https://issues.rpath.com/browse/RPL-1366	secalert@redhat.com
55	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062	secalert@redhat.com
56	http://docs.info.apple.com/article.html?artnum=306172	af854a3a-2127-422b-91ae-364da2661108
57	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768	af854a3a-2127-422b-91ae-364da2661108
58	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980	af854a3a-2127-422b-91ae-364da2661108
59	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534	af854a3a-2127-422b-91ae-364da2661108
60	http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html	af854a3a-2127-422b-91ae-364da2661108
61	http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html	af854a3a-2127-422b-91ae-364da2661108
62	http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html	af854a3a-2127-422b-91ae-364da2661108
63	http://secunia.com/advisories/25232	af854a3a-2127-422b-91ae-364da2661108
64	http://secunia.com/advisories/25241	af854a3a-2127-422b-91ae-364da2661108
65	http://secunia.com/advisories/25246	af854a3a-2127-422b-91ae-364da2661108
66	http://secunia.com/advisories/25251	af854a3a-2127-422b-91ae-364da2661108
67	http://secunia.com/advisories/25255	af854a3a-2127-422b-91ae-364da2661108
68	http://secunia.com/advisories/25256	af854a3a-2127-422b-91ae-364da2661108
69	http://secunia.com/advisories/25257	af854a3a-2127-422b-91ae-364da2661108
70	http://secunia.com/advisories/25259	af854a3a-2127-422b-91ae-364da2661108
71	http://secunia.com/advisories/25270	af854a3a-2127-422b-91ae-364da2661108
72	http://secunia.com/advisories/25289	af854a3a-2127-422b-91ae-364da2661108
73	http://secunia.com/advisories/25567	af854a3a-2127-422b-91ae-364da2661108
74	http://secunia.com/advisories/25675	af854a3a-2127-422b-91ae-364da2661108
75	http://secunia.com/advisories/25772	af854a3a-2127-422b-91ae-364da2661108
76	http://secunia.com/advisories/26083	af854a3a-2127-422b-91ae-364da2661108
77	http://secunia.com/advisories/26235	af854a3a-2127-422b-91ae-364da2661108
78	http://secunia.com/advisories/26909	af854a3a-2127-422b-91ae-364da2661108
79	http://secunia.com/advisories/27706	af854a3a-2127-422b-91ae-364da2661108
80	http://secunia.com/advisories/28292	af854a3a-2127-422b-91ae-364da2661108
81	http://security.gentoo.org/glsa/glsa-200705-15.xml	af854a3a-2127-422b-91ae-364da2661108
82	http://securityreason.com/securityalert/2700	af854a3a-2127-422b-91ae-364da2661108
83	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906	af854a3a-2127-422b-91ae-364da2661108
84	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1	af854a3a-2127-422b-91ae-364da2661108
85	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1	af854a3a-2127-422b-91ae-364da2661108
86	http://www.debian.org/security/2007/dsa-1291	af854a3a-2127-422b-91ae-364da2661108
87	http://www.kb.cert.org/vuls/id/268336	af854a3a-2127-422b-91ae-364da2661108
88	http://www.mandriva.com/security/advisories?name=MDKSA-2007:104	af854a3a-2127-422b-91ae-364da2661108
89	http://www.novell.com/linux/security/advisories/2007_14_sr.html	af854a3a-2127-422b-91ae-364da2661108
90	http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html	af854a3a-2127-422b-91ae-364da2661108
91	http://www.openwall.com/lists/oss-security/2025/10/16/2	af854a3a-2127-422b-91ae-364da2661108
92	http://www.osvdb.org/34700	af854a3a-2127-422b-91ae-364da2661108
93	http://www.redhat.com/support/errata/RHSA-2007-0354.html	af854a3a-2127-422b-91ae-364da2661108
94	http://www.samba.org/samba/security/CVE-2007-2447.html	af854a3a-2127-422b-91ae-364da2661108
95	http://www.securityfocus.com/archive/1/468565/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
96	http://www.securityfocus.com/archive/1/468670/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
97	http://www.securityfocus.com/bid/23972	af854a3a-2127-422b-91ae-364da2661108
98	http://www.securityfocus.com/bid/25159	af854a3a-2127-422b-91ae-364da2661108
99	http://www.securitytracker.com/id?1018051	af854a3a-2127-422b-91ae-364da2661108
100	http://www.trustix.org/errata/2007/0017/	af854a3a-2127-422b-91ae-364da2661108
101	http://www.ubuntu.com/usn/usn-460-1	af854a3a-2127-422b-91ae-364da2661108
102	http://www.vupen.com/english/advisories/2007/1805	af854a3a-2127-422b-91ae-364da2661108
103	http://www.vupen.com/english/advisories/2007/2079	af854a3a-2127-422b-91ae-364da2661108
104	http://www.vupen.com/english/advisories/2007/2210	af854a3a-2127-422b-91ae-364da2661108
105	http://www.vupen.com/english/advisories/2007/2281	af854a3a-2127-422b-91ae-364da2661108
106	http://www.vupen.com/english/advisories/2007/2732	af854a3a-2127-422b-91ae-364da2661108
107	http://www.vupen.com/english/advisories/2007/3229	af854a3a-2127-422b-91ae-364da2661108
108	http://www.vupen.com/english/advisories/2008/0050	af854a3a-2127-422b-91ae-364da2661108
109	http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf	af854a3a-2127-422b-91ae-364da2661108
110	https://issues.rpath.com/browse/RPL-1366	af854a3a-2127-422b-91ae-364da2661108
111	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:samba:samba:3.0.0:::::::*
cpe:2.3:a:samba:samba:3.0.1:::::::*
cpe:2.3:a:samba:samba:3.0.2:::::::*
cpe:2.3:a:samba:samba:3.0.2a:::::::*
cpe:2.3:a:samba:samba:3.0.3:::::::*
cpe:2.3:a:samba:samba:3.0.4:::::::*
cpe:2.3:a:samba:samba:3.0.4:rc1::::::
cpe:2.3:a:samba:samba:3.0.5:::::::*
cpe:2.3:a:samba:samba:3.0.6:::::::*
cpe:2.3:a:samba:samba:3.0.7:::::::*
cpe:2.3:a:samba:samba:3.0.8:::::::*
cpe:2.3:a:samba:samba:3.0.9:::::::*
cpe:2.3:a:samba:samba:3.0.10:::::::*
cpe:2.3:a:samba:samba:3.0.11:::::::*
cpe:2.3:a:samba:samba:3.0.12:::::::*
cpe:2.3:a:samba:samba:3.0.13:::::::*
cpe:2.3:a:samba:samba:3.0.14:::::::*
cpe:2.3:a:samba:samba:3.0.14a:::::::*
cpe:2.3:a:samba:samba:3.0.15:::::::*
cpe:2.3:a:samba:samba:3.0.16:::::::*
cpe:2.3:a:samba:samba:3.0.17:::::::*
cpe:2.3:a:samba:samba:3.0.18:::::::*
cpe:2.3:a:samba:samba:3.0.19:::::::*
cpe:2.3:a:samba:samba:3.0.20:::::::*
cpe:2.3:a:samba:samba:3.0.20a:::::::*
cpe:2.3:a:samba:samba:3.0.20b:::::::*
cpe:2.3:a:samba:samba:3.0.21:::::::*
cpe:2.3:a:samba:samba:3.0.21a:::::::*
cpe:2.3:a:samba:samba:3.0.21b:::::::*
cpe:2.3:a:samba:samba:3.0.21c:::::::*
cpe:2.3:a:samba:samba:3.0.22:::::::*
cpe:2.3:a:samba:samba:3.0.23:::::::*
cpe:2.3:a:samba:samba:3.0.23a:::::::*
cpe:2.3:a:samba:samba:3.0.23b:::::::*
cpe:2.3:a:samba:samba:3.0.23c:::::::*
cpe:2.3:a:samba:samba:3.0.23d:::::::*
cpe:2.3:a:samba:samba:3.0.24:::::::*
cpe:2.3:a:samba:samba:3.0.25:pre1::::::
cpe:2.3:a:samba:samba:3.0.25:pre2::::::
cpe:2.3:a:samba:samba:3.0.25:rc1::::::
cpe:2.3:a:samba:samba:3.0.25:rc2::::::
cpe:2.3:a:samba:samba:3.0.25:rc3::::::