Unrated severity · NVD Advisory · Published May 14, 2007 · Updated Apr 23, 2026
CVE-2007-2447
Description
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Affected products
- cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.20b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.21c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23b:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23c:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.23d:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:pre2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc2:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.25:rc3:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.2a:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.0.9:*:*:*:*:*:*:*
- osv-coords: pkg:rpm/opensuse/cifs-utils&distro=openSUSE%20Tumbleweed (no CPE), range: < 6.13-1.3
- osv-coords: pkg:rpm/opensuse/samba&distro=openSUSE%20Tumbleweed (no CPE), range: < 4.14.6+git.182.2205d5224e3-1.1
Patches
No patches discovered yet.
References
- www.samba.org/samba/security/CVE-2007-2447.html (nvd: Patch, Vendor Advisory)
- secunia.com/advisories/25232 (nvd: Vendor Advisory)
- secunia.com/advisories/25241 (nvd: Vendor Advisory)
- secunia.com/advisories/25246 (nvd: Vendor Advisory)
- secunia.com/advisories/25251 (nvd: Vendor Advisory)
- secunia.com/advisories/25255 (nvd: Vendor Advisory)
- secunia.com/advisories/25256 (nvd: Vendor Advisory)
- secunia.com/advisories/25257 (nvd: Vendor Advisory)
- secunia.com/advisories/25259 (nvd: Vendor Advisory)
- secunia.com/advisories/25270 (nvd: Vendor Advisory)
- www.kb.cert.org/vuls/id/268336 (nvd: US Government Resource)
- docs.info.apple.com/article.html (nvd)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- labs.idefense.com/intelligence/vulnerabilities/display.php (nvd)
- lists.apple.com/archives/security-announce//2007/Jul/msg00004.html (nvd)
- lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html (nvd)
- lists.suse.com/archive/suse-security-announce/2007-May/0006.html (nvd)
- secunia.com/advisories/25289 (nvd)
- secunia.com/advisories/25567 (nvd)
- secunia.com/advisories/25675 (nvd)
- secunia.com/advisories/25772 (nvd)
- secunia.com/advisories/26083 (nvd)
- secunia.com/advisories/26235 (nvd)
- secunia.com/advisories/26909 (nvd)
- secunia.com/advisories/27706 (nvd)
- secunia.com/advisories/28292 (nvd)
- security.gentoo.org/glsa/glsa-200705-15.xml (nvd)
- securityreason.com/securityalert/2700 (nvd)
- slackware.com/security/viewer.php (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- www.debian.org/security/2007/dsa-1291 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.novell.com/linux/security/advisories/2007_14_sr.html (nvd)
- www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html (nvd)
- www.openwall.com/lists/oss-security/2025/10/16/2 (nvd)
- www.osvdb.org/34700 (nvd)
- www.redhat.com/support/errata/RHSA-2007-0354.html (nvd)
- www.securityfocus.com/archive/1/468565/100/0/threaded (nvd)
- www.securityfocus.com/archive/1/468670/100/0/threaded (nvd)
- www.securityfocus.com/bid/23972 (nvd)
- www.securityfocus.com/bid/25159 (nvd)
- www.securitytracker.com/id (nvd)
- www.trustix.org/errata/2007/0017/ (nvd)
- www.ubuntu.com/usn/usn-460-1 (nvd)
- www.vupen.com/english/advisories/2007/1805 (nvd)
- www.vupen.com/english/advisories/2007/2079 (nvd)
- www.vupen.com/english/advisories/2007/2210 (nvd)
- www.vupen.com/english/advisories/2007/2281 (nvd)
- www.vupen.com/english/advisories/2007/2732 (nvd)
- www.vupen.com/english/advisories/2007/3229 (nvd)
- www.vupen.com/english/advisories/2008/0050 (nvd)
- www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf (nvd)
- issues.rpath.com/browse/RPL-1366 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062 (nvd)