Oval Definition:oval:org.mitre.oval:def:10062
Revision Date:2013-04-29Version:12
Title:The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Description:The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2007-2447
Platform(s):CentOS Linux 3
CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL3, CentOS3
  • RHEL3 or CentOS3
  • The operating system installed on the system is Red Hat Enterprise Linux 3
  • OR CentOS Linux 3.x
  • AND Configuration section
  • samba-common is earlier than 0:3.0.9-1.3E.13.2
  • OR samba-swat is earlier than 0:3.0.9-1.3E.13.2
  • OR samba-client is earlier than 0:3.0.9-1.3E.13.2
  • OR samba is earlier than 0:3.0.9-1.3E.13.2
  • OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • samba-common is earlier than 0:3.0.10-1.4E.12.2
  • OR samba-swat is earlier than 0:3.0.10-1.4E.12.2
  • OR samba-client is earlier than 0:3.0.10-1.4E.12.2
  • OR samba is earlier than 0:3.0.10-1.4E.12.2
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • samba-common is earlier than 0:3.0.23c-2.el5.2.0.2
  • OR samba-swat is earlier than 0:3.0.23c-2.el5.2.0.2
  • OR samba-client is earlier than 0:3.0.23c-2.el5.2.0.2
  • OR samba is earlier than 0:3.0.23c-2.el5.2.0.2
    • BACK