Vulnerability Note VU#268336
Samba command injection vulnerability
Samba fails to properly filter input to /bin/sh. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code on a Samba server.
Samba provides file and print services for Microsoft Windows, Unix, Linux, and OS X clients. Samba can also act as a Primary Domain Controller (PDC) or as a Domain Member. Samba runs on most Unix-like systems.
Samba versions prior to 3.0.24 pass unchecked user input from RPC messages to /bin/sh when calling external scripts that are listed in the Samba configuration file. An attacker may be able to exploit this vulnerability by sending specially crafted RPC messages to a vulnerable server.
A remote, unauthenticated attacker may be able to execute arbitrary commands.
Apply a patch or upgrade
Do not load external shell scripts
Limiting access to the Samba server to trusted hosts may mitigate this vulnerability.
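A configuration audit that supports the "Do not load external shell scripts" workaround, as an added example that is not part of the original note or of Samba: it lists every smb.conf parameter that names an external program. The name-suffix heuristic, the function names and the sample configuration are assumptions of this example.

```python
import re

# Heuristic assumed by this example: a parameter whose normalized name ends in
# "script", "command" or "exec" makes smbd run an external program.
EXTERNAL = re.compile(r"(script|command|exec)$")
VARIABLE = re.compile(r"%[A-Za-z]")  # smb.conf %-variable expanded by smbd
# Constructed sample configuration (paths are placeholders).
SAMPLE = """\
[global]
   workgroup = EXAMPLE
   Username Map Script = /usr/local/bin/mapuser.sh
   add user script = /usr/sbin/useradd \\
        -m %u
   # delete user script = /usr/sbin/userdel %u
[share]
   root preexec = /usr/local/bin/prep.sh %U
"""

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1]
            continue
        yield start, buf
        buf, start = "", 0
    if buf:
        yield start, buf

def audit(text):
    """Return one finding per parameter that configures an external program."""
    findings, section = [], None
    for n, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        # smb.conf ignores case and whitespace in parameter names
        key = re.sub(r"\s+", "", name).lower()
        if sep and value.strip() and EXTERNAL.search(key):
            findings.append({"line": n, "section": section, "param": key,
                             "command": value.strip(),
                             "has_variable": bool(VARIABLE.search(value))})
    return findings
```

`has_variable` only marks a `%` substitution in the configured command line; an entry without one is still an external script in the sense of the workaround.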
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Computer, Inc. | Affected | 14 May 2007 | 30 Jul 2007 |
| Debian GNU/Linux | Affected | 14 May 2007 | 30 Jul 2007 |
| Gentoo Linux | Affected | 14 May 2007 | 16 May 2007 |
| Red Hat, Inc. | Affected | 14 May 2007 | 15 May 2007 |
| Samba | Affected | - | 14 May 2007 |
| Slackware Linux Inc. | Affected | 14 May 2007 | 16 May 2007 |
| Sun Microsystems, Inc. | Affected | 14 May 2007 | 15 May 2007 |
| Ubuntu | Affected | 14 May 2007 | 16 May 2007 |
| Novell, Inc. | Not Affected | 14 May 2007 | 01 Jun 2007 |
| Conectiva Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| Cray Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 14 May 2007 | 14 May 2007 |
| Engarde Secure Linux | Unknown | 14 May 2007 | 14 May 2007 |
| F5 Networks, Inc. | Unknown | 14 May 2007 | 14 May 2007 |
| Fedora Project | Unknown | 14 May 2007 | 14 May 2007 |
Thanks to Joshua J. Drake, iDefense Labs, and the Samba team for information that was used in this report.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2007-2447
- Date Public: 14 May 2007
- Date First Published: 14 May 2007
- Date Last Updated: 21 Jul 2008
- Severity Metric: 7.44
- Document Revision: 41