Launchpad.net

CVE 2007-2447

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20070514 Samba SAMR Ch...
CONFIRM: http://www.samba.org/s...
CONFIRM: https://issues.rpath.c...
REDHAT: RHSA-2007:0354
CERT-VN: VU#268336
BID: 23972
SECUNIA: 25241
SECUNIA: 25246
SECUNIA: 25256
SECUNIA: 25257
DEBIAN: DSA-1291
GENTOO: GLSA-200705-15
TRUSTIX: 2007-0017
UBUNTU: USN-460-1
OSVDB: 34700
SECTRACK: 1018051
SECUNIA: 25232
SECUNIA: 25251
SECUNIA: 25270
SECUNIA: 25259
SECUNIA: 25255
OPENPKG: OpenPKG-SA-2007.012
SUSE: SUSE-SA:2007:031
SECUNIA: 25289
SECUNIA: 25567
SUNALERT: 102964
SECUNIA: 25675
SECUNIA: 25772
SUSE: SUSE-SR:2007:014
SECUNIA: 26083
CONFIRM: http://docs.info.apple...
APPLE: APPLE-SA-2007-07-31
BID: 25159
SECUNIA: 26235
SREASON: 2700
MANDRIVA: MDKSA-2007:104
FULLDISC: 20070920 VMSA-2007-000...
SECUNIA: 26909
SECUNIA: 27706
CONFIRM: http://www.xerox.com/d...
SECUNIA: 28292
SUNALERT: 200588
VUPEN: ADV-2007-1805
VUPEN: ADV-2007-2079
VUPEN: ADV-2007-2210
VUPEN: ADV-2007-2281
VUPEN: ADV-2007-2732
VUPEN: ADV-2007-3229
VUPEN: ADV-2008-0050
HP: HPSBUX02218
HP: SSRT071424
HP: HPSBTU02218
SLACKWARE: SSA:2007-134-01
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070513 [SAMBA-SECURI...
BUGTRAQ: 20070515 FLEA-2007-001...

Launchpad.net

CVE 2007-2447

Related bugs

References