CVE-2007-2447

Name	CVE-2007-2447
Description	The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1291-2, DTSA-41-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
samba (PTS)	bullseye (security), bullseye	2:4.13.13+dfsg-1~deb11u6	fixed
	bookworm, bookworm (security)	2:4.17.12+dfsg-0+deb12u1	fixed
	trixie	2:4.20.2+dfsg-7	fixed
	sid	2:4.20.2+dfsg-10	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
samba	source	sarge	3.0.14a-3sarge6		DSA-1291-2
samba	source	etch	3.0.24-6etch2		DSA-1291-2
samba	source	lenny	3.0.24-6+lenny3		DTSA-41-1
samba	source	(unstable)	3.0.25-1	high