6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.751 High
EPSS
Percentile
98.2%
Samba fails to properly filter input to /bin/sh
. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code on a Samba server.
Samba provides file and print services for Microsoft Windows, Unix, Linux, and OS X clients. Samba can also act as a Primary Domain Controller (PDC) or as a Domain Member. Samba runs on most Unix-like systems.
Samba versions prior to 3.0.24 pass unchecked user input from RPC messages to /bin/sh
when calling externals scripts that are listed in the Samba configuration file. An attacker may be able to exploit this vulnerability by sending specially crafted RPC messages to a vulnerable server.
This vulnerability occurred as a result of failing to comply with recommndation STR02-C of the CERT C Programming Language Secure Coding Standard.
A remote, unauthenticated attacker may be able to execute arbitrary commands.
Apply a patch or upgrade
These vulnerabilities are addressed in Samba version 3.0.25. In addition, patches are available to address this vulnerability in Samba version 3.0.24. Refer to the Samba Security Releases website for more information.
Do not load external shell scripts
From the CVE-2007-2447 entry on the Samba security page:
This defect may be alleviated by removing all defined external script invocations (username map script, add printer command, etc…) from smb.conf.
Restrict access
Limiting access to the Samba server to trusted hosts may mitigate this vulnerability.
268336
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 14, 2007 Updated: July 30, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: July 30, 2007
Affected
These problems have been fixed in Debian GNU/Linux 4.0 with version 3.0.24-6etch1 via Debian Security Advisory 1291 as in
<<http://www.debian.org/security/2007/dsa-1291>>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 16, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 15, 2007
Affected
This issue affected the Samba package as shipped with Red Hat Enterprise Linux 2.1, 4, 4, and 5. Updated packages to correct this issue are available along with our advisories at the URLs below and via Red Hat Network.
<http://rhn.redhat.com/errata/RHSA-2007-0354.html>
The vendor has not provided us with any further information regarding this vulnerability.
Updated: May 14, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://samba.org/samba/security/CVE-2007-2447.html> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23268336 Feedback>).
Notified: May 14, 2007 Updated: May 16, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 15, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 16, 2007
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.ubuntu.com/usn/usn-460-1> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23268336 Feedback>).
Notified: May 14, 2007 Updated: June 01, 2007
Not Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: May 14, 2007 Updated: May 14, 2007
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
View all 42 vendors __View less vendors __
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Joshua J. Drake, iDefense Labs, and the Samba team for information that was used in this report.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2007-2447 |
---|---|
Severity Metric: | 7.44 Date Public: |
docs.info.apple.com/article.html?artnum=306172
labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
samba.org/samba/history/security.html
secunia.com/advisories/25232/
sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
us4.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447.patch
www.samba.org