CVE-2007-2447
CVE-2007-2447
Vexday Risk Score
52Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Popular PoC on GitHub (61 stars) — exploitation code widely available.
CVSS —EPSS 49.8%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
14 May 2007Metasploit module available
14 May 2007Published on NVD
18 Aug 2010Public PoC
Weaponization speed
1191 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Affected products
n/a · n/apublic PoCs found — 41
githubgithub.com/amriunix/CVE-2007-2447★ 61githubgithub.com/h3x0v3rl0rd/CVE-2007-2447★ 5githubgithub.com/Unix13/metasploitable2★ 4githubgithub.com/Ziemni/CVE-2007-2447-in-Python★ 3githubgithub.com/Alien0ne/CVE-2007-2447★ 3githubgithub.com/xbufu/CVE-2007-2447★ 2githubgithub.com/SeifEldienAhmad/Penetration-Testing-on-Metasploitable2★ 1githubgithub.com/JoseBarrios/CVE-2007-2447★ 1githubgithub.com/3x1t1um/CVE-2007-2447★ 1githubgithub.com/ozuma/CVE-2007-2447★ 1githubgithub.com/s4msec/CVE-2007-2447★ 1githubgithub.com/Aviksaikat/CVE-2007-2447★ 1githubgithub.com/abdulsaabir/CVE-2007-2447★ 1githubgithub.com/0xKn/CVE-2007-2447★ 0githubgithub.com/Nosferatuvjr/Samba-Usermap-exploit★ 0githubgithub.com/testaross4/CVE-2007-2447★ 0githubgithub.com/b33m0x00/CVE-2007-2447★ 0githubgithub.com/HerculesRD/PyUsernameMapScriptRCE★ 0githubgithub.com/DesmondHinds94/S22_The_Verification_Protocol★ 0githubgithub.com/WildfootW/CVE-2007-2447_Samba_3.0.25rc3★ 0githubgithub.com/bdunlap9/CVE-2007-2447_python★ 0githubgithub.com/MikeRega7/CVE-2007-2447-RCE★ 0githubgithub.com/ShivamDey/Samba-CVE-2007-2447-Exploit★ 0githubgithub.com/Juantos/cve-2007-2447★ 0githubgithub.com/IamLucif3r/CVE-2007-2447-Exploit★ 0githubgithub.com/foudadev/CVE-2007-2447★ 0githubgithub.com/elphon/CVE-2007-2447-Exploit★ 0githubgithub.com/DevinLiggins14/SMB-PenTest-Exploiting-CVE-2007-2447-on-Metasploitable-2★ 0githubgithub.com/MrRoma577/exploit_cve-2007-2447_again★ 0githubgithub.com/nika0x38/CVE-2007-2447★ 0githubgithub.com/xlcc4096/exploit-CVE-2007-2447★ 0githubgithub.com/nulltrace1336/Samba-Exploit-CVE-2007-2447★ 0githubgithub.com/b1fair/smb_usermap★ 0githubgithub.com/vig9610/Exploiting-Samba-on-Metasploitable-2★ 0githubgithub.com/r3vpwnx/CVE-2007-2447★ 0githubgithub.com/Daviddoctor/Samba-CVE-2007-2447-Exploit-Username-Map-Script★ 0githubgithub.com/Youneskc/SMB-Penetration-Testing-NTLM-Relay-Version-2-★ 0githubgithub.com/harshiys/cybersecurity-home-lab-btp★ 0githubgithub.com/G01d3nW01f/CVE-2007-2447★ 0githubgithub.com/3t4n/samba-3.0.24-CVE-2007-2447-vunerable-★ 0exploitdbwww.exploit-db.com/exploits/16320unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://docs.info.apple.com/article.html?artnum=306172http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlhttp://lists.suse.com/archive/suse-security-announce/2007-May/0006.htmlhttp://secunia.com/advisories/25232http://secunia.com/advisories/25241http://secunia.com/advisories/25246http://secunia.com/advisories/25251http://secunia.com/advisories/25255