Upstream information
Description
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 6 |
Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | Single |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SA:2007:031, published Mon, 21 May 2007 16:00:00 +0000
- SUSE-SR:2007:011, published Wed, 16 May 2007 15:00:00 +0000
- SUSE-SR:2007:014, published Fri, 20 Jul 2007 12:00:00 +0000
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libldb-devel-3.6.3-0.58.1 |
SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA cifs-mount-3.4.3-1.17.2 |
SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA cifs-utils-5.1-0.4.9 SUSE Linux Enterprise Server 11 SP2 GA ldapsmb-1.34b-12.18.3 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA cifs-utils-5.1-0.11.1 SUSE Linux Enterprise Server 11 SP3 GA ldapsmb-1.34b-12.39.1 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA cifs-utils-5.1-0.14.46 SUSE Linux Enterprise Server 11 SP4 GA ldapsmb-1.34b-12.58.1 SUSE Linux Enterprise Server 11 SP4 GA libtevent0-x86-3.6.3-0.39.1 SUSE Linux Enterprise Software Development Kit 11 SP4 GA libldb-devel-3.6.3-0.58.1 |
SUSE Linux Micro 6.0 |
| Patchnames: SUSE Linux Micro 6.0 GA cifs-utils-7.0-2.9 SUSE Linux Micro 6.0 GA samba-client-libs-4.19.4+git.339.acf1ccaa02-1.22 |
SUSE Linux Micro 6.1 |
| Patchnames: SUSE Linux Micro 6.1 GA cifs-utils-7.0-slfo.1.1_1.1 SUSE Linux Micro 6.1 GA samba-client-libs-4.20.2+git.348.4fb6af61307-slfo.1.1_1.8 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10683 openSUSE-Tumbleweed-2024-11365 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 03:26:21 2013CVE page last modified: Tue Dec 17 16:13:04 2024