CVE-2007-2447

Samba 3.0.20 < 3.0.25rc3 - Remote Code Execution

Samba 3.0.2x > 3.0.25rc3 - Remote Code Execution - Python/Metasploit

Vulnerability: metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Score: CVSS v2.0: 6 // CVSS v3.x: N/A

Shows on:

• HTB - Lame

POC:

Samba 3.0.20 < 3.0.25rc3 - 'Username' map script' Command Execution (Metasploit)Exploit Database

GitHub - amriunix/CVE-2007-2447: CVE-2007-2447 - Samba usermap scriptGitHub

Resources:

NVD - CVE-2007-2447

CVE - CVE-2007-2447