Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-2447 — Samba vulnerability

21 documents11 sources

Severity

6.0MEDIUMNVD

EPSS

77.4%

top 1.01%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Samba Debian Samba

Timeline

PublishedMay 14

Latest updateJul 22

Description

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/samba< samba 3.0.25-1 (bookworm)

▶Debiansamba/samba< 3.0.25-1+3

▶NVDsamba/samba37 versions+36

Patches

Patch: www.samba.org ↗Patch: www.samba.org ↗

🔴Vulnerability Details

GHSA

GHSA-xxqh-84mj-whcj: The MS-RPC functionality in smbd in Samba 3↗2022-05-01

▶

OSV

CVE-2007-2447: The MS-RPC functionality in smbd in Samba 3↗2007-05-14

▶

💥Exploits & PoCs

Exploit-DB

Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)↗2010-08-18

▶

Metasploit

Samba "username map script" Command Execution↗

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2007-05-16

▶

Red Hat

samba code injection↗2007-05-14

▶

Debian

CVE-2007-2447: samba - The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote ...↗2007

▶

Red Hat

'c' character missing from shell metacharacter whitelist↗

▶

📄Research Papers

arXiv

Evaluation of Reinforcement Learning for Autonomous Penetration Testing using A3C, Q-learning and DQN↗2024-07-22

▶

arXiv

Autosploit: A Fully Automated Framework for Evaluating the Exploitability of Security Vulnerabilities↗2020-06-30

▶

CTF

vulnlabs / metasploitable2↗

▶

CTF

attack-paths↗

▶

CTF

easy / README↗

▶

💬Community

Bugzilla

CVE-2007-4044 'c' character missing from shell metacharacter whitelist↗2007-08-17

▶

Bugzilla

Missing character bug in latest security patches↗2007-06-05

▶

Bugzilla

Missing character bug in latest security patches↗2007-06-05

▶

Bugzilla

CVE-2007-2447 samba code injection↗2007-05-11

▶