Signature Detail

SMB: User Credential Command Injection

This signature detects attempts to exploit a known vulnerability against Samba. A successful exploit of this vulnerability can allow an unauthorized user to execute arbitrary shell commands on an affected computer in the context of the application.

Extended Description

Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application. This issue affects Samba 3.0.0 to 3.0.25rc3.

Affected Products

• Apple Mac OS X 10.3.9
• Apple Mac OS X 10.4.10
• Apple Mac OS X Server 10.3.9
• Apple Mac OS X Server 10.4.10
• Avaya Interactive Response 2.0
• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Amd64
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Foresight Linux 1.1
• Gentoo Linux
• HP HP-UX B.11.11
• HP HP-UX B.11.23
• HP HP-UX B.11.31
• HP Internet Express 6.6
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Corporate Server 4.0
• Mandriva Corporate Server 4.0.0 X86 64
• Mandriva Linux Mandrake 2007.0
• Mandriva Linux Mandrake 2007.0 X86 64
• Mandriva Linux Mandrake 2007.1
• Mandriva Linux Mandrake 2007.1 X86 64
• OpenPKG E1.0-Solid
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0
• Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
• Red Hat Desktop 3.0.0
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux 5 Server
• Red Hat Enterprise Linux AS 2.1
• Red Hat Enterprise Linux AS 2.1 IA64
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Enterprise Linux ES 2.1
• Red Hat Enterprise Linux ES 2.1 IA64
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux WS 2.1
• Red Hat Enterprise Linux WS 2.1 IA64
• Red Hat Enterprise Linux WS 3
• Red Hat Enterprise Linux WS 4
• rPath rPath Linux 1
• Samba 3.0.0
• Samba 3.0.0 Alpha
• Samba 3.0.1
• Samba 3.0.10
• Samba 3.0.11
• Samba 3.0.12
• Samba 3.0.13
• Samba 3.0.14
• Samba 3.0.14A
• Samba 3.0.2
• Samba 3.0.20
• Samba 3.0.20A
• Samba 3.0.20B
• Samba 3.0.21
• Samba 3.0.21A
• Samba 3.0.21B
• Samba 3.0.21C
• Samba 3.0.22
• Samba 3.0.23A
• Samba 3.0.23B
• Samba 3.0.23C
• Samba 3.0.23D
• Samba 3.0.24
• Samba 3.0.25 Rc1
• Samba 3.0.25 Rc2
• Samba 3.0.25 Rc3
• Samba 3.0.2 A
• Samba 3.0.3
• Samba 3.0.4
• Samba 3.0.4 -R1
• Samba 3.0.5
• Samba 3.0.6
• Samba 3.0.7
• Samba 3.0.8
• Samba 3.0.9
• SGI ProPack 3.0.0 SP6
• Slackware Linux 10.0.0
• Slackware Linux 10.1.0
• Slackware Linux 10.2.0
• Slackware Linux 11.0
• Sun SAMBA
• Sun Solaris 10 X86
• Sun Solaris 9 Sparc
• Sun Solaris 9 X86
• SuSE Linux 10.0 Ppc
• SuSE Linux 10.0 X86
• SuSE Linux 10.0 X86-64
• SuSE Linux 10.1 Ppc
• SuSE Linux 10.1 X86
• SuSE Linux 10.1 X86-64
• SuSE Linux Desktop 1.0.0
• SuSE Linux Openexchange Server
• SuSE Linux Personal 10.0.0 OSS
• SuSE Linux Personal 10.1
• SuSE Linux Personal 10.2
• SuSE Linux Personal 10.2 X86 64
• SuSE Linux Professional 10.0.0
• SuSE Linux Professional 10.0.0 OSS
• SuSE Linux Professional 10.1
• SuSE Linux Professional 10.2
• SuSE Linux Professional 10.2 X86 64
• SuSE Novell Linux Desktop 1.0.0
• SuSE Novell Linux Desktop 9.0.0
• SuSE Novell Linux POS 9
• SuSE openSUSE 10.2
• SuSE SUSE Linux Enterprise Desktop 10
• SuSE SUSE Linux Enterprise Server 10
• SuSE SUSE Linux Enterprise Server 8
• SuSE SUSE Linux Enterprise Server 9
• SuSE SuSE Linux Openexchange Server 4.0.0
• SuSE SUSE LINUX Retail Solution 8.0.0
• SuSE SuSE Linux School Server for i386
• SuSE SuSE Linux Standard Server 8.0.0
• SuSE UnitedLinux 1.0.0
• Trustix Secure Enterprise Linux 2.0.0
• Trustix Secure Linux 2.2.0
• Trustix Secure Linux 3.0.0
• Trustix Secure Linux 3.0.5
• Turbolinux Appliance Server 1.0.0 Hosting Edition
• Turbolinux Appliance Server 1.0.0 Workgroup Edition
• Turbolinux Appliance Server 2.0
• Turbolinux Appliance Server Hosting Edition 1.0.0
• Turbolinux Appliance Server Workgroup Edition 1.0.0
• Turbolinux FUJI
• Turbolinux Home
• Turbolinux Multimedia
• Turbolinux Personal
• Turbolinux 10 F...
• Turbolinux FUJI
• Turbolinux Turbolinux Desktop 10.0.0
• Turbolinux Turbolinux Server 10.0.0
• Turbolinux Turbolinux Server 10.0.0 X64
• Turbolinux Turbolinux Server 8.0.0
• VMWare ESX 2.1.3
• VMWare ESX Server 2.0.2
• VMWare ESX Server 2.0.2 Patch 1
• VMWare ESX Server 2.0.2 Patch 2
• VMWare ESX Server 2.0.2 Patch 4
• VMWare ESX Server 2.0.2 Patch 5
• VMWare ESX Server 2.1.3
• VMWare ESX Server 2.1.3 Patch 1
• VMWare ESX Server 2.1.3 Patch 2
• VMWare ESX Server 2.1.3 Patch 5
• VMWare ESX Server 2.5.3
• VMWare ESX Server 2.5.3 Patch 2
• VMWare ESX Server 2.5.3 Patch 4
• VMWare ESX Server 2.5.3 Patch 5
• VMWare ESX Server 2.5.3 Patch 6
• VMWare ESX Server 2.5.3 Patch 7
• VMWare ESX Server 2.5.3 Patch 8
• VMWare ESX Server 2.5.4
• VMWare ESX Server 2.5.4 Patch 1
• VMWare ESX Server 2.5.4 Patch 3
• VMWare ESX Server 2.5.4 Patch 5
• VMWare ESX Server 3.0.0
• VMWare ESX Server 3.0.1
• Xerox WorkCentre 232
• Xerox WorkCentre 238
• Xerox WorkCentre 245
• Xerox WorkCentre 255
• Xerox WorkCentre 265
• Xerox WorkCentre 275
• Xerox WorkCentre Pro 232
• Xerox WorkCentre Pro 238
• Xerox WorkCentre Pro 245
• Xerox WorkCentre Pro 255
• Xerox WorkCentre Pro 265
• Xerox WorkCentre Pro 275

References

• BugTraq: 23972
• CVE: CVE-2007-2447