CVE-2007-2447 Information
Description
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Reference
http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
http://secunia.com/advisories/25232
http://secunia.com/advisories/25241
http://secunia.com/advisories/25246
http://secunia.com/advisories/25251
http://secunia.com/advisories/25255
http://secunia.com/advisories/25256
http://secunia.com/advisories/25257
http://secunia.com/advisories/25259
http://secunia.com/advisories/25270
http://secunia.com/advisories/25289
http://secunia.com/advisories/25567
http://secunia.com/advisories/25675
http://secunia.com/advisories/25772
http://secunia.com/advisories/26083
http://secunia.com/advisories/26235
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://secunia.com/advisories/28292
http://security.gentoo.org/glsa/glsa-200705-15.xml
http://securityreason.com/securityalert/2700
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
http://www.debian.org/security/2007/dsa-1291
http://www.kb.cert.org/vuls/id/268336
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
http://www.osvdb.org/34700
http://www.redhat.com/support/errata/RHSA-2007-0354.html
http://www.samba.org/samba/security/CVE-2007-2447.html
http://www.securityfocus.com/archive/1/468565/100/0/threaded
http://www.securityfocus.com/archive/1/468670/100/0/threaded
http://www.securityfocus.com/bid/23972
http://www.securityfocus.com/bid/25159
http://www.securitytracker.com/id?1018051
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-460-1
http://www.vupen.com/english/advisories/2007/1805
http://www.vupen.com/english/advisories/2007/2079
http://www.vupen.com/english/advisories/2007/2210
http://www.vupen.com/english/advisories/2007/2281
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3229
http://www.vupen.com/english/advisories/2008/0050
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
https://issues.rpath.com/browse/RPL-1366
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062