SMB: User Credential Command Injection
This signature detects attempts to exploit a known vulnerability against Samba. A successful exploit of this vulnerability can allow an unauthorized user to execute arbitrary shell commands on an affected computer in the context of the application.
Extended Description
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application. This issue affects Samba 3.0.0 to 3.0.25rc3.
Affected Products
Xerox workcentre_pro,Openpkg openpkg
Short Name
SMB:USER-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
CVE-2007-2447 Command Credential Injection User bid:23972
Release Date
02/18/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Samba
Suse
Apple
Trustix
Hp
Sun
Rpath
Gentoo
Turbolinux
Avaya
Xerox
Sgi
Slackware
Openpkg
Mandriva
Foresight_linux
Debian
Vmware
CVSS Score
6.0