漏洞信息(CVE-2007-2447)

一、漏洞 CVE-2007-2447 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

在Samba 3.0.0 到 3.0.25rc3 版本中，MS-RPC功能在 smbd 中允许远程攻击者通过涉及(1)SamrChangePassword功能的 shell 元字符执行任意命令。当“用户名映射脚本”smb.conf 选项启用时，还允许远程认证用户通过涉及其他 MS-RPC 功能的 shell 元字符在(2)远程打印机和(3)文件共享管理中执行命令。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Samba MS-RPC Shell命令注入漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba在处理用户数据时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上执行任意命令。 Samba中负责在SAM数据库更新用户口令的代码未经过滤便将用户输入传输给了/bin/sh。如果在调用smb.conf中定义的外部脚本时，通过对/bin/sh的MS-RPC调用提交了恶意输入的话，就可能允许攻击者以nobody用户的权限执

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

代码注入

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2007-2447 的公开POC

#	POC 描述	源链接	神龙链接
1	CVE-2007-2447 - Samba usermap script	https://github.com/amriunix/CVE-2007-2447	POC详情
2	A simple exploit for CVE-2007-2447	https://github.com/b1fair/smb_usermap	POC详情
3	Remote Command Injection Vulnerability (CVE-2007-2447), allows remote attackers to execute arbitrary commands by specifying a Samba username containing shell meta characters.	https://github.com/JoseBarrios/CVE-2007-2447	POC详情
4	None	https://github.com/3x1t1um/CVE-2007-2447	POC详情
5	Exploit for the vulnerability CVE-2007-2447	https://github.com/xlcc4096/exploit-CVE-2007-2447	POC详情
6	None	https://github.com/WildfootW/CVE-2007-2447_Samba_3.0.25rc3	POC详情
7	Python implementation of 'Username' map script' RCE Exploit for Samba 3.0.20 < 3.0.25rc3 (CVE-2007-2447).	https://github.com/Ziemni/CVE-2007-2447-in-Python	POC详情
8	None	https://github.com/0xKn/CVE-2007-2447	POC详情
9	Exploit Samba	https://github.com/ozuma/CVE-2007-2447	POC详情
10	Samba 3.0.20 username map script exploit	https://github.com/un4gi/CVE-2007-2447	POC详情
11	cve-2007-2447 this script was rewrite the part of Metasploit modules to python3	https://github.com/G01d3nW01f/CVE-2007-2447	POC详情
12	Samba usermap script.	https://github.com/cherrera0001/CVE-2007-2447	POC详情
13	CVE-2007-2447 - Samba usermap script	https://github.com/Alien0ne/CVE-2007-2447	POC详情
14	None	https://github.com/3t4n/samba-3.0.24-CVE-2007-2447-vunerable-	POC详情
15	Exploit code for CVE-2007-2447 written in Python3.	https://github.com/xbufu/CVE-2007-2447	POC详情
16	None	https://github.com/s4msec/CVE-2007-2447	POC详情
17	None	https://github.com/0xConstant/CVE-2007-2447	POC详情
18	CVE-2007-2447	https://github.com/Nosferatuvjr/Samba-Usermap-exploit	POC详情
19	None	https://github.com/testaross4/CVE-2007-2447	POC详情
20	CVE-2007-2447 samba remote code execution	https://github.com/mr-l0n3lly/CVE-2007-2447	POC详情
21	CVE-2007-2447 exploit written in python to get reverse shell	https://github.com/HerculesRD/PyUsernameMapScriptRCE	POC详情
22	automated script for exploiting CVE-2007-2447	https://github.com/Aviksaikat/CVE-2007-2447	POC详情
23	None	https://github.com/crypticdante/CVE-2007-2447	POC详情
24	Exploit i used in HTB	https://github.com/bdunlap9/CVE-2007-2447_python	POC详情
25	Samba 3.0.20	https://github.com/MikeRega7/CVE-2007-2447-RCE	POC详情
26	Samba Reverse Shell	https://github.com/0xTabun/CVE-2007-2447	POC详情
27	None	https://github.com/ShivamDey/Samba-CVE-2007-2447-Exploit	POC详情
28	None	https://github.com/H3xL00m/CVE-2007-2447	POC详情
29	None	https://github.com/n3ov4n1sh/CVE-2007-2447	POC详情
30	Samba 3.0.0 - 3.0.25rc3	https://github.com/Juantos/cve-2007-2447	POC详情
31	None	https://github.com/c0d3cr4f73r/CVE-2007-2447	POC详情
32	Exploit Samba smbd 3.0.20-Debian	https://github.com/Sp3c73rSh4d0w/CVE-2007-2447	POC详情
33	This is a exploit for CVE-2007-2447; Vulnerable SMB	https://github.com/IamLucif3r/CVE-2007-2447-Exploit	POC详情
34	Exploit Samba smbd 3.0.20-Debian	https://github.com/0xwh1pl4sh/CVE-2007-2447	POC详情
35	Exploit Samba smbd 3.0.20-Debian	https://github.com/N3rdyN3xus/CVE-2007-2447	POC详情
36	Exploit Samba smbd 3.0.20-Debian	https://github.com/NyxByt3/CVE-2007-2447	POC详情
37	Exploit Samba smbd 3.0.20-Debian	https://github.com/h3xcr4ck3r/CVE-2007-2447	POC详情
38	Exploit Samba smbd 3.0.20-Debian	https://github.com/n3rdh4x0r/CVE-2007-2447	POC详情
39	None	https://github.com/banomaly/CVE-2007-2447	POC详情
40	None	https://github.com/foudadev/CVE-2007-2447	POC详情
41	CVE-2007-2447 samba remote code execution	https://github.com/b3m0x00/CVE-2007-2447	POC详情
42	CVE-2007-2447 samba remote code execution	https://github.com/b33m0x00/CVE-2007-2447	POC详情
43	None	https://github.com/elphon/CVE-2007-2447-Exploit	POC详情

三、漏洞 CVE-2007-2447 的情报信息

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf x_refsource_CONFIRM
http://www.samba.org/samba/security/CVE-2007-2447.html x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1366 x_refsource_CONFIRM
http://docs.info.apple.com/article.html?artnum=306172 x_refsource_CONFIRM
http://securityreason.com/securityalert/2700 third-party-advisory x_refsource_SREASON
http://secunia.com/advisories/25567 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25289 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25241 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28292 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25256 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25259 third-party-advisory x_refsource_SECUNIA
http://www.osvdb.org/34700 vdb-entry x_refsource_OSVDB
http://secunia.com/advisories/26909 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27706 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25232 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25251 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25246 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/25159 vdb-entry x_refsource_BID
http://secunia.com/advisories/25255 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/26235 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25675 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25257 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25772 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/23972 vdb-entry x_refsource_BID
http://secunia.com/advisories/26083 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/25270 third-party-advisory x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1 vendor-advisory x_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1 vendor-advisory x_refsource_SUNALERT
http://www.securitytracker.com/id?1018051 vdb-entry x_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1291 vendor-advisory x_refsource_DEBIAN
http://www.kb.cert.org/vuls/id/268336 third-party-advisory x_refsource_CERT-VN
http://www.ubuntu.com/usn/usn-460-1 vendor-advisory x_refsource_UBUNTU
http://www.trustix.org/errata/2007/0017/ vendor-advisory x_refsource_TRUSTIX
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980 vendor-advisory x_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768 vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2007/1805 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/3229 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2732 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2079 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2210 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0050 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2281 vdb-entry x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2007-0354.html vendor-advisory x_refsource_REDHAT
http://security.gentoo.org/glsa/glsa-200705-15.xml vendor-advisory x_refsource_GENTOO
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906 vendor-advisory x_refsource_SLACKWARE
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.html vendor-advisory x_refsource_SUSE
http://www.novell.com/linux/security/advisories/2007_14_sr.html vendor-advisory x_refsource_SUSE
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html vendor-advisory x_refsource_OPENPKG
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html vendor-advisory x_refsource_APPLE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10062 vdb-entry signature x_refsource_OVAL
http://www.securityfocus.com/archive/1/468670/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534 third-party-advisory x_refsource_IDEFENSE
http://www.securityfocus.com/archive/1/468565/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html mailing-list x_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2007-2447

一、 漏洞 CVE-2007-2447 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2007-2447 的公开POC

三、漏洞 CVE-2007-2447 的情报信息

一、漏洞 CVE-2007-2447 基础信息