Samba 3.0.0 'SamrChangePassword' RCE

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The file and print server running on the remote host is affected by a
remote code execution vulnerability.

Description :

The version of Samba running on the remote host is affected by a
remote code execution vulnerability due to improper validation of
user-supplied input when passing RPC messages from external scripts to
a shell. A remote, authenticated attacker can exploit this via the use
of shell metacharacters during login negotiations when the 'username
map script' option is enabled, or during the invocation of other
printer and file management MS-RPC calls.

See also :

https://www.samba.org/samba/security/CVE-2007-2447.html

Solution :

Upgrade to version 3.0.25 or later

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 82580 ()

Bugtraq ID: 23972

CVE ID: CVE-2007-2447

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now