Samba 3.0.0 'SamrChangePassword' RCE

medium Nessus Plugin ID 82580

Synopsis

The file and print server running on the remote host is affected by a remote code execution vulnerability.

Description

The version of Samba running on the remote host is affected by a remote code execution vulnerability due to improper validation of user-supplied input when passing RPC messages from external scripts to a shell. A remote, authenticated attacker can exploit this via the use of shell metacharacters during login negotiations when the 'username map script' option is enabled, or during the invocation of other printer and file management MS-RPC calls.

Solution

Upgrade to Samba version 3.0.25 or later.
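The following local audit is an added example, not code from the Nessus plugin or the Samba project. It reports the two conditions named above: a release older than 3.0.25, and 'username map script' set in the [global] section of smb.conf. It assumes you supply the version string yourself (for example from `smbd -V`); the sample configuration and the script path in it are constructed.

```python
import re

FIXED = (3, 0, 25)  # fixed release named in the Solution section

# Constructed sample smb.conf; the script path is a placeholder.
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   ; username map script = /old/disabled.sh
   Username Map Script = /usr/local/bin/mapusers.sh
[public]
   path = /srv/public
"""

def norm(name):
    # smb.conf(5): case and whitespace in section/parameter names are ignored.
    return "".join(name.lower().split())

def parse_smb_conf(text):
    """Return {section: {parameter: value}} using normalised names."""
    text = re.sub(r"\\\r?\n", "", text)  # a trailing backslash continues a line
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            conf.setdefault(section, {})[norm(name)] = value.strip()
    return conf

def predates_fix(version):
    """True before 3.0.25; rc/pre builds of 3.0.25 count as before (assumption)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(.*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Samba version: {version!r}")
    nums = tuple(int(x) for x in m.group(1, 2, 3))
    return nums < FIXED or (nums == FIXED and m.group(4).lower().startswith(("rc", "pre")))

def audit(version, conf_text):
    script = parse_smb_conf(conf_text).get("global", {}).get("usernamemapscript")
    return {"predates_fix": predates_fix(version),
            "username_map_script": script or None}

if __name__ == "__main__":
    print(audit("3.0.24", SAMPLE_CONF))
```

An unset 'username map script' does not clear a host that predates the fix, because the description also names other printer and file management MS-RPC calls as a path. A version string alone cannot show whether a distribution backported the patch.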

See Also

https://www.samba.org/samba/security/CVE-2007-2447.html

Plugin Details

Severity: Medium

ID: 82580

File Name: samba_3_login_rce.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 4/6/2015

Updated: 3/9/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2007-2447

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 5/14/2007

Vulnerability Publication Date: 5/14/2007

Exploitable With

Core Impact

Metasploit (Samba "username map script" Command Execution)

Reference Information

CVE: CVE-2007-2447

BID: 23972

CERT: 268336