Samba.Arbitrary.Command.Injection

Release Date

May 25, 2007

Severity

critical

Impact

System compromise: arbitrary command execution.

Description

This indicates an attempt to exploit an input validation error in the Samba server.

The MS-RPC functionality in smbd, the Samba server daemon, fails to properly validate user-supplied parameters before handing them to an external command: the printer fields supplied in the request are interpolated unescaped into the command line run for the smb.conf "add printer command" hook. A remote attacker who can issue the printer-management request can therefore embed shell metacharacters in those fields and execute arbitrary shell commands with the privileges of smbd. The vulnerable function is "_AddPrinterW" in Samba 3, reached through a remote "AddPrinter" request.
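The pattern described above, shown as an added example (this is hypothetical helper code written for this page, not Samba's own source; the function names, the script path and the payload string are constructed): a command line built by string interpolation reaches a shell even when the field is wrapped in double quotes, while passing each field as a separate argv element with execv leaves metacharacters inert.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed payload: a client-chosen printer name carrying shell
 * metacharacters. It closes the double quote the builder adds, runs a
 * command, and re-opens a quote so the rest of the line still parses. */
static const char *EVIL_PRINTER = "lp\"; id > /tmp/pwned; echo \"";

/* VULNERABLE pattern (hypothetical, not Samba's code): interpolate the
 * client-supplied fields into one string that will be given to /bin/sh.
 * Quoting does not help: the payload terminates the quotes, and $(...)
 * or backticks would be expanded by the shell even inside them. */
int build_add_printer_cmd(char *out, size_t outlen,
                          const char *script, const char *printer, const char *share)
{
    int n = snprintf(out, outlen, "%s \"%s\" \"%s\"", script, printer, share);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                       /* truncated: refuse to run it */
    return n;
}

/* HARDENED step 1: allow-list each field before it goes anywhere near a
 * command. Characters outside the list, including ; | & $ ` " ' < > and
 * newlines, cause rejection. */
bool printer_field_is_safe(const char *s)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 _-.";
    if (s == NULL || *s == '\0' || strlen(s) > 127)
        return false;
    for (; *s != '\0'; s++)
        if (strchr(allowed, *s) == NULL)
            return false;
    return true;
}

/* HARDENED step 2: no shell at all. fork/execv the helper script with
 * every field as its own argv element; the kernel passes them verbatim
 * and nothing interprets metacharacters. Returns the child's exit status,
 * or -1 if a field is rejected or the process cannot be started. */
int run_add_printer_script(const char *script, const char *printer, const char *share)
{
    if (!printer_field_is_safe(printer) || !printer_field_is_safe(share))
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)script, (char *)printer, (char *)share, NULL };
        execv(script, argv);
        _exit(127);                      /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[512];
    /* Show what the vulnerable builder would hand to the shell (not run). */
    if (build_add_printer_cmd(cmd, sizeof cmd, "/usr/local/sbin/addprinter",
                              EVIL_PRINTER, "lp_share") > 0)
        printf("vulnerable builder would execute:\n  %s\n", cmd);

    printf("allow-list accepts \"lp\": %d\n", printer_field_is_safe("lp"));
    printf("allow-list accepts payload: %d\n", printer_field_is_safe(EVIL_PRINTER));

    /* /bin/true stands in for the real helper script. */
    printf("execv path, clean name: %d\n",
           run_add_printer_script("/bin/true", "lp", "lp_share"));
    printf("execv path, payload: %d\n",
           run_add_printer_script("/bin/true", EVIL_PRINTER, "lp_share"));
    return 0;
}
```

The allow-list is deliberately strict rather than an escape routine: escaping for one shell dialect is easy to get subtly wrong, whereas rejecting anything outside a known-good set and avoiding the shell entirely removes the interpreter from the path. In an IPS context the same metacharacter set in the printer-name, share-name or driver fields of an AddPrinter request is what a signature for this issue would look for.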

Affected Products

Samba versions 3.0.0 through 3.0.25rc3.

Recommended Actions

Upgrade to Samba version 3.0.25:

http://us4.samba.org/samba/download/

Alternatively, apply the vendor patches:

http://us4.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2444.patch
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2446.patch
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447.patch

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2007-2447
CVE-2007-2444

References

http://www.securityfocus.com/bid/23974 (BugTraq)
http://www.securityfocus.com/bid/23972 (BugTraq)
http://www.frsirt.com/english/advisories/2007/1805 (FrSIRT)

Reference: VID-14562