Samba.Arbitrary.Command.Injection
Description
This indicates an attempt to exploit an input validation error in in Samba server.
The MS-RPC functionality in smbd, part of Samba server, fails to properly validate user supplied parameters. This vulnerability can be exploited by remote attackers to inject and execute arbitrary shell commands. The vulnerable function is "_AddPrinterW" in Samba 3. It can be reached through an "AddPrinter" remote request.
Affected Products
Samba versions 3.0.0 through 3.0.25rc3.
Impact
System compromise: arbitrary command execution.
Recommended Actions
Upgrade to Samba version 3.0.25 :
http://us4.samba.org/samba/download/
Alternatively, apply patches :
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444.patch
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446.patch
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447.patch
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |