Search for vulnerabilities
Vulnerability details: VCID-t54d-kfy1-aaan
Vulnerability ID VCID-t54d-kfy1-aaan
Aliases CVE-2007-2447
Summary The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual MODERATE http://docs.info.apple.com/article.html?artnum=306172
generic_textual MODERATE http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
rhas Critical https://access.redhat.com/errata/RHSA-2007:0354
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.48565 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.69845 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.69845 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.69845 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.69845 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.69845 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72121 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72121 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72722 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72722 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72722 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72722 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72722 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72722 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.72722 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.7362 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.74168 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.74168 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.74168 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.74168 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.7464 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.7464 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.75166 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.75166 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.76493 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.76493 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.77373 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78603 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78603 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78603 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78603 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78603 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78603 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78945 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.78945 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.93793 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.93793 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.93793 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
epss 0.93793 https://api.first.org/data/v1/epss?cve=CVE-2007-2447
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=239774
cvssv2 6.0 https://nvd.nist.gov/vuln/detail/CVE-2007-2447
generic_textual MODERATE http://www.securityfocus.com/bid/25159
Reference id Reference type URL
http://docs.info.apple.com/article.html?artnum=306172
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2447.json
https://api.first.org/data/v1/epss?cve=CVE-2007-2447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447
http://secunia.com/advisories/25232
http://secunia.com/advisories/25241
http://secunia.com/advisories/25246
http://secunia.com/advisories/25251
http://secunia.com/advisories/25255
http://secunia.com/advisories/25256
http://secunia.com/advisories/25257
http://secunia.com/advisories/25259
http://secunia.com/advisories/25270
http://secunia.com/advisories/25289
http://secunia.com/advisories/25567
http://secunia.com/advisories/25675
http://secunia.com/advisories/25772
http://secunia.com/advisories/26083
http://secunia.com/advisories/26235
http://secunia.com/advisories/26909
http://secunia.com/advisories/27706
http://secunia.com/advisories/28292
http://security.gentoo.org/glsa/glsa-200705-15.xml
http://securityreason.com/securityalert/2700
https://issues.rpath.com/browse/RPL-1366
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
http://www.debian.org/security/2007/dsa-1291
http://www.kb.cert.org/vuls/id/268336
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
http://www.novell.com/linux/security/advisories/2007_14_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
http://www.osvdb.org/34700
http://www.redhat.com/support/errata/RHSA-2007-0354.html
http://www.samba.org/samba/security/CVE-2007-2447.html
http://www.securityfocus.com/archive/1/468565/100/0/threaded
http://www.securityfocus.com/archive/1/468670/100/0/threaded
http://www.securityfocus.com/bid/23972
http://www.securityfocus.com/bid/25159
http://www.securitytracker.com/id?1018051
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-460-1
http://www.vupen.com/english/advisories/2007/1805
http://www.vupen.com/english/advisories/2007/2079
http://www.vupen.com/english/advisories/2007/2210
http://www.vupen.com/english/advisories/2007/2281
http://www.vupen.com/english/advisories/2007/2732
http://www.vupen.com/english/advisories/2007/3229
http://www.vupen.com/english/advisories/2008/0050
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
239774 https://bugzilla.redhat.com/show_bug.cgi?id=239774
cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
CVE-2007-2447 https://nvd.nist.gov/vuln/detail/CVE-2007-2447
CVE-2007-2447;OSVDB-34700 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/16320.rb
GLSA-200705-15 https://security.gentoo.org/glsa/200705-15
RHSA-2007:0354 https://access.redhat.com/errata/RHSA-2007:0354
USN-460-1 https://usn.ubuntu.com/460-1/
Data source Exploit-DB
Date added Aug. 18, 2010
Description Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)
Ransomware campaign use Known
Source publication date Aug. 18, 2010
Exploit type remote
Platform unix
Source update date Sept. 6, 2017
Data source Metasploit
Description This module exploits a command execution vulnerability in Samba versions 3.0.20 through 3.0.25rc3 when using the non-default "username map script" configuration option. By specifying a username containing shell meta characters, attackers can execute arbitrary commands. No authentication is needed to exploit this vulnerability since this option is used to map usernames prior to authentication!
Note 
{}
Ransomware campaign use Unknown
Source publication date May 14, 2007
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/samba/usermap_script.rb
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2447
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.97516
EPSS Score 0.48565
Published At April 3, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.