Samba MS-RPC Remote Shell Command Execution Vulnerability (Active Check)

Published: 2016-10-31 09:47:00
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Summary:
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

Detection Method:
Send a crafted command to the Samba server and check whether it results in remote command execution.

Impact:
An attacker may leverage this issue to execute arbitrary shell commands on an affected system with the privileges of the application.

Recommendations:
Updates are available. Please see the referenced vendor advisory.

Affected Versions:
This issue affects Samba 3.0.0 to 3.0.25rc3.

Solution Type:
Vendor Patch

Detection Type:
Remote Vulnerability

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2007-2447

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/23972

References:

http://www.securityfocus.com/bid/23972
https://www.samba.org/samba/security/CVE-2007-2447.html

Severity:
Medium

CVSS Score:
6.0
