CVE-2007-2447

Impact:
Important
Public Date:
2007-05-14
Bugzilla:
239774: CVE-2007-2447 samba code injection

The MITRE CVE dictionary describes this issue as:

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Find out more about CVE-2007-2447 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (samba) RHSA-2007:0354 2007-05-14
Red Hat Enterprise Linux 2.1 (samba) RHSA-2007:0354 2007-05-14
Red Hat Enterprise Linux 4 (samba) RHSA-2007:0354 2007-05-14
Red Hat Enterprise Linux 3 (samba) RHSA-2007:0354 2007-05-14

Acknowledgements

Red Hat would like to thank the Samba developers, TippingPoint, and iDefense for reporting these issues.
Last Modified

CVE description copyright © 2017, The MITRE Corporation