Samba 3.0.0 'SamrChangePassword' RCE

Medium Nessus Plugin ID 82580


Synopsis

The file and print server running on the remote host is affected by a remote code execution vulnerability.

Description

The version of Samba running on the remote host is affected by a remote code execution vulnerability due to improper validation of user-supplied input when passing RPC messages from external scripts to a shell. A remote, authenticated attacker can exploit this via the use of shell metacharacters during login negotiations when the 'username map script' option is enabled, or during the invocation of other printer and file management MS-RPC calls.

Solution

Upgrade to Samba version 3.0.25 or later.

Plugin Details

Severity: Medium

ID: 82580

File Name: samba_3_login_rce.nasl

Version: 1.3

Type: remote

Family: Misc.

Published: 2015/04/06

Modified: 2015/09/24

Dependencies: 10785

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 2007/05/14

Vulnerability Publication Date: 2007/05/14

Exploitable With

Core Impact

Metasploit (Samba "username map script" Command Execution)

Reference Information

CVE: CVE-2007-2447

BID: 23972

OSVDB: 34700

CERT: 268336