34700 : Samba Unfiltered MS-RPC Calls Arbitrary Remote Command Execution
Printer | http://osvdb.org/34700 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
17	2008	over 4 years ago	12 months ago	8 times	100%

Timeline

Vendor Informed Date	Vendor Ack Date	Disclosure Date
2007-05-07	2007-05-07	2007-05-14

Keywords

HPSBTU02218, SSRT071424 HPSBTU02233, SSRT071424, c01091459

Description

Samba contains a flaw that may allow a malicious user to execute arbitrary shell commands. The issue is triggered due to MS-RPC does not properly check user-supplied input when passing RPC messages from external scripts to '/bin/sh'. It is possible that the flaw may allow code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Private
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 3.0.25 or higher, as it has been reported to fix this vulnerability. In addition, Samba has released a patch for some older versions.

Products

Samba Project	Samba	3.0.0
		3.0.1
		3.0.2
		3.0.3
		3.0.4
		3.0.5
		3.0.6
		3.0.7
		3.0.8
		3.0.9
		3.0.10
		3.0.11
		3.0.12
		3.0.13
		3.0.14
		3.0.14a
		3.0.2a
		3.0.20
		3.0.20a
		3.0.20b
		3.0.21
		3.0.21a
		3.0.21b
		3.0.21c
		3.0.22
		3.0.23
		3.0.23a
		3.0.23b
		3.0.23c
		3.0.23d
		3.0.24
		3.0.25rc3

References

CVE ID: 2007-2447 (see also: NVD)
Bugtraq ID: 23972
Secunia Advisory ID: 25232 25241 25246 25251 25255 25256 25257 25259 25270 25289 25391 25567 25675 25772 26083 26235 26909 27706 28292
CERT VU: 268336
Related OSVDB ID: 34698 34699
Metasploit ID: 34700
VUPEN Advisory: ADV-2007-1805
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070502-01-P.asc http://docs.info.apple.com/article.html?artnum=306172
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00009.html
http://lists.rpath.com/pipermail/security-announce/2007-May/000187.html
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1
http://www.gentoo.org/security/en/glsa/glsa-200705-15.xml
http://www.gentoo.org/security/en/glsa/glsa-200711-23.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104
http://www.trustix.org/errata/2007/0017/
http://www.ubuntu.com/usn/usn-460-1
Keyword: HPSBTU02218,SSRT071424
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0206.html
http://archives.neohapsis.com/archives/bugtraq/2007-05/0210.html
http://archives.neohapsis.com/archives/bugtraq/2007-06/0059.html
http://archives.neohapsis.com/archives/bugtraq/2007-06/0260.html
http://archives.neohapsis.com/archives/bugtraq/2007-07/0070.html
Vendor URL: http://www.samba.org
Vendor Specific News/Changelog Entry: http://www.samba.org/samba/security/CVE-2007-2447.html
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
https://issues.rpath.com/browse/RPL-1366
Vendor Specific Advisory URL: http://www8.itrc.hp.com/service/cki/docDisplay.do?docId=c01067768
RedHat RHSA: RHSA-2007:0354

Tools & Filters

	25217 25222 25228 25233 25234 25236 25237 25239 27429 27430 27431 27432 28059 29576 29577 29965
	3990

Credit

Anonymous - iDefense Labs VCP

CVSSv2 Score

CVSSv2 Base Score = 6.0
Source: nvd.nist.gov | Generated: 2007-05-16 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.