Remote Command Injection Vulnerability

2007-05-14T00:00:00
ID SAMBA:CVE-2007-2447
Type samba
Reporter Samba
Modified 2007-05-14T00:00:00

Description

This bug was originally reported against the anonymous calls to the SamrChangePassword() MS-RPC function in combination with the "username map script" smb.conf option (which is not enabled by default). After further investigation by Samba developers, it was determined that the problem was much broader and impacts remote printer and file share management as well. The root cause is passing unfiltered user input provided via MS-RPC calls to /bin/sh when invoking externals scripts defined in smb.conf. However, unlike the "username map script" vulnerability, the remote file and printer management scripts require an authenticated user session.