CVE-2007-2447

N/A Unknown
Published: May 14, 2007
Modified: November 04, 2025

Description

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/25232
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25241
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25246
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25251
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25255
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25256
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25257
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25259
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25270
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/25289
Source: secalert@redhat.com
http://secunia.com/advisories/25567
Source: secalert@redhat.com
http://secunia.com/advisories/25675
Source: secalert@redhat.com
http://secunia.com/advisories/25772
Source: secalert@redhat.com
http://secunia.com/advisories/26083
Source: secalert@redhat.com
http://secunia.com/advisories/26235
Source: secalert@redhat.com
http://secunia.com/advisories/26909
Source: secalert@redhat.com
http://secunia.com/advisories/27706
Source: secalert@redhat.com
http://secunia.com/advisories/28292
Source: secalert@redhat.com
http://www.kb.cert.org/vuls/id/268336
Source: secalert@redhat.com
US Government Resource
http://www.osvdb.org/34700
Source: secalert@redhat.com
http://www.samba.org/samba/security/CVE-2007-2447.html
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.securityfocus.com/bid/23972
Source: secalert@redhat.com
http://www.securityfocus.com/bid/25159
Source: secalert@redhat.com
http://www.trustix.org/errata/2007/0017/
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-460-1
Source: secalert@redhat.com
https://issues.rpath.com/browse/RPL-1366
Source: secalert@redhat.com
http://docs.info.apple.com/article.html?artnum=306172
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/25232
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25241
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25246
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25251
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25255
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25256
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25257
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25259
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25270
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/25289
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/25567
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/25675
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/25772
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26083
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26235
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/26909
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/27706
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28292
Source: af854a3a-2127-422b-91ae-364da2661108
http://security.gentoo.org/glsa/glsa-200705-15.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://securityreason.com/securityalert/2700
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2007/dsa-1291
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/268336
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.novell.com/linux/security/advisories/2007_14_sr.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.openwall.com/lists/oss-security/2025/10/16/2
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.osvdb.org/34700
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.redhat.com/support/errata/RHSA-2007-0354.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.samba.org/samba/security/CVE-2007-2447.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securityfocus.com/archive/1/468565/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/468670/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/23972
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/25159
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securitytracker.com/id?1018051
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.trustix.org/errata/2007/0017/
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-460-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/1805
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2079
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2210
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2281
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/2732
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2007/3229
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/0050
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
https://issues.rpath.com/browse/RPL-1366
Source: af854a3a-2127-422b-91ae-364da2661108

111 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 75.1% (99th percentile)
Exploitation Status: Not in CISA KEV

Affected Vendors

samba