Search for vulnerabilities
Vulnerability details: VCID-ene5-a1t6-tqax
Vulnerability ID VCID-ene5-a1t6-tqax
Aliases CVE-2007-2447
Summary
Status Published
Exploitability 2.0
Weighted Severity 0.8
Risk 1.6
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.49284 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.49284 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.49284 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.49284 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.49284 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.52267 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.52267 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.52267 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.52267 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.52267 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.56754 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.56754 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.77776 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.77776 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.80644 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.81354 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.81354 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.82125 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.82125 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.83817 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.83817 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.83817 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2447.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
239774 https://bugzilla.redhat.com/show_bug.cgi?id=239774
CVE-2007-2447;OSVDB-34700 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/16320.rb
RHSA-2007:0354 https://access.redhat.com/errata/RHSA-2007:0354
USN-460-1 https://usn.ubuntu.com/460-1/
Data source Metasploit
Description This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
Note 
Reliability:
  - unknown-reliability
Stability:
  - unknown-stability
SideEffects:
  - unknown-side-effects
Ransomware campaign use Unknown
Source publication date May 14, 2007
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/samba/usermap_script.rb
Data source Exploit-DB
Date added Aug. 18, 2010
Description Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)
Ransomware campaign use Known
Source publication date Aug. 18, 2010
Exploit type remote
Platform unix
Source update date Sept. 6, 2017
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.97689
EPSS Score 0.49284
Published At Aug. 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:38:21.083076+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/460-1/ 37.0.0