CVE-2007-2447

EPSS 77.38% · P99 Updated Nov 05, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-2447

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Samba MS-RPC Shell命令注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。 Samba在处理用户数据时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上执行任意命令。 Samba中负责在SAM数据库更新用户口令的代码未经过滤便将用户输入传输给了/bin/sh。如果在调用smb.conf中定义的外部脚本时，通过对/bin/sh的MS-RPC调用提交了恶意输入的话，就可能允许攻击者以nobody用户的权限执

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-2447

#	POC Description	Source Link	Shenlong Link
1	CVE-2007-2447 - Samba usermap script	https://github.com/amriunix/CVE-2007-2447	POC Details
2	A simple exploit for CVE-2007-2447	https://github.com/b1fair/smb_usermap	POC Details
3	Remote Command Injection Vulnerability (CVE-2007-2447), allows remote attackers to execute arbitrary commands by specifying a Samba username containing shell meta characters.	https://github.com/JoseBarrios/CVE-2007-2447	POC Details
4	None	https://github.com/3x1t1um/CVE-2007-2447	POC Details
5	Exploit for the vulnerability CVE-2007-2447	https://github.com/xlcc4096/exploit-CVE-2007-2447	POC Details
6	None	https://github.com/WildfootW/CVE-2007-2447_Samba_3.0.25rc3	POC Details
7	Python implementation of 'Username' map script' RCE Exploit for Samba 3.0.20 < 3.0.25rc3 (CVE-2007-2447).	https://github.com/Ziemni/CVE-2007-2447-in-Python	POC Details
8	None	https://github.com/0xKn/CVE-2007-2447	POC Details
9	Exploit Samba	https://github.com/ozuma/CVE-2007-2447	POC Details
10	Samba 3.0.20 username map script exploit	https://github.com/un4gi/CVE-2007-2447	POC Details
11	cve-2007-2447 this script was rewrite the part of Metasploit modules to python3	https://github.com/G01d3nW01f/CVE-2007-2447	POC Details
12	Samba usermap script.	https://github.com/cherrera0001/CVE-2007-2447	POC Details
13	CVE-2007-2447 - Samba usermap script	https://github.com/Alien0ne/CVE-2007-2447	POC Details
14	None	https://github.com/3t4n/samba-3.0.24-CVE-2007-2447-vunerable-	POC Details
15	Exploit code for CVE-2007-2447 written in Python3.	https://github.com/xbufu/CVE-2007-2447	POC Details
16	None	https://github.com/s4msec/CVE-2007-2447	POC Details
17	None	https://github.com/0xConstant/CVE-2007-2447	POC Details
18	CVE-2007-2447	https://github.com/Nosferatuvjr/Samba-Usermap-exploit	POC Details
19	None	https://github.com/testaross4/CVE-2007-2447	POC Details
20	CVE-2007-2447 samba remote code execution	https://github.com/mr-l0n3lly/CVE-2007-2447	POC Details
21	CVE-2007-2447 exploit written in python to get reverse shell	https://github.com/HerculesRD/PyUsernameMapScriptRCE	POC Details
22	automated script for exploiting CVE-2007-2447	https://github.com/Aviksaikat/CVE-2007-2447	POC Details
23	None	https://github.com/crypticdante/CVE-2007-2447	POC Details
24	Exploit i used in HTB	https://github.com/bdunlap9/CVE-2007-2447_python	POC Details
25	Samba 3.0.20	https://github.com/MikeRega7/CVE-2007-2447-RCE	POC Details
26	Samba Reverse Shell	https://github.com/0xTabun/CVE-2007-2447	POC Details
27	None	https://github.com/ShivamDey/Samba-CVE-2007-2447-Exploit	POC Details
28	None	https://github.com/H3xL00m/CVE-2007-2447	POC Details
29	None	https://github.com/n3ov4n1sh/CVE-2007-2447	POC Details
30	Samba 3.0.0 - 3.0.25rc3	https://github.com/Juantos/cve-2007-2447	POC Details
31	None	https://github.com/c0d3cr4f73r/CVE-2007-2447	POC Details
32	Exploit Samba smbd 3.0.20-Debian	https://github.com/Sp3c73rSh4d0w/CVE-2007-2447	POC Details
33	This is a exploit for CVE-2007-2447; Vulnerable SMB	https://github.com/IamLucif3r/CVE-2007-2447-Exploit	POC Details
34	Exploit Samba smbd 3.0.20-Debian	https://github.com/0xwh1pl4sh/CVE-2007-2447	POC Details
35	Exploit Samba smbd 3.0.20-Debian	https://github.com/N3rdyN3xus/CVE-2007-2447	POC Details
36	Exploit Samba smbd 3.0.20-Debian	https://github.com/NyxByt3/CVE-2007-2447	POC Details
37	Exploit Samba smbd 3.0.20-Debian	https://github.com/h3xcr4ck3r/CVE-2007-2447	POC Details
38	Exploit Samba smbd 3.0.20-Debian	https://github.com/n3rdh4x0r/CVE-2007-2447	POC Details
39	None	https://github.com/banomaly/CVE-2007-2447	POC Details
40	None	https://github.com/foudadev/CVE-2007-2447	POC Details
41	CVE-2007-2447 samba remote code execution	https://github.com/b3m0x00/CVE-2007-2447	POC Details
42	CVE-2007-2447 samba remote code execution	https://github.com/b33m0x00/CVE-2007-2447	POC Details
43	None	https://github.com/elphon/CVE-2007-2447-Exploit	POC Details
44	Exploit Samba smbd 3.0.20-Debian	https://github.com/h3x0v3rl0rd/CVE-2007-2447	POC Details
45	None	https://github.com/DevinLiggins14/SMB-PenTest-Exploiting-CVE-2007-2447-on-Metasploitable-2	POC Details
46	just remeber how small mistake in santisize username could give yoy root access to the full machine	https://github.com/MrRoma577/exploit_cve-2007-2447_again	POC Details
47	A Rust implementation of the CVE-2007-2447 exploit targeting Samba smbd 3.0.20-Debian.	https://github.com/nika0x38/CVE-2007-2447	POC Details
48	Hands-on pentest project using Kali Linux vs Metasploitable2. Includes full workflow: Nmap scanning, enumeration, Metasploit exploitation (Samba CVE-2007-2447), post-exploitation validation, and mitigation steps. Repo contains commands, outputs, and report showing both offensive techniques and defensive recommendations.	https://github.com/SeifEldienAhmad/Penetration-Testing-on-Metasploitable2	POC Details
49	None	https://github.com/nulltrace1336/Samba-Exploit-CVE-2007-2447	POC Details
50	None	https://github.com/abdulsaabir/CVE-2007-2447	POC Details
51	Samba 3.0.20 CVE-2007-2447 Exploit	https://github.com/r0tn3x/CVE-2007-2447	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-2447

请登录查看更多情报信息。

https://issues.rpath.com/browse/RPL-1366x_refsource_CONFIRM
http://docs.info.apple.com/article.html?artnum=306172x_refsource_CONFIRM
http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdfx_refsource_CONFIRM
http://www.samba.org/samba/security/CVE-2007-2447.htmlx_refsource_CONFIRM
http://securityreason.com/securityalert/2700third-party-advisoryx_refsource_SREASON
http://secunia.com/advisories/25246third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25259third-party-advisoryx_refsource_SECUNIA
http://www.osvdb.org/34700vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/28292third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26083third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25159vdb-entryx_refsource_BID
http://secunia.com/advisories/25255third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25251third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25257third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25567third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25256third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26235third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25241third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27706third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26909third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25675third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25772third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25289third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/23972vdb-entryx_refsource_BID
http://secunia.com/advisories/25270third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/25232third-party-advisoryx_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102964-1vendor-advisoryx_refsource_SUNALERT
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1vendor-advisoryx_refsource_SUNALERT
http://www.securitytracker.com/id?1018051vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1291vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-460-1vendor-advisoryx_refsource_UBUNTU
http://www.trustix.org/errata/2007/0017/vendor-advisoryx_refsource_TRUSTIX
http://www.kb.cert.org/vuls/id/268336third-party-advisoryx_refsource_CERT-VN
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01078980vendor-advisoryx_refsource_HP
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768vendor-advisoryx_refsource_HP
http://www.vupen.com/english/advisories/2007/2210vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0050vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/3229vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2281vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/1805vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2079vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/2732vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDKSA-2007:104vendor-advisoryx_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-200705-15.xmlvendor-advisoryx_refsource_GENTOO
http://www.redhat.com/support/errata/RHSA-2007-0354.htmlvendor-advisoryx_refsource_REDHAT
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906vendor-advisoryx_refsource_SLACKWARE
http://www.novell.com/linux/security/advisories/2007_14_sr.htmlvendor-advisoryx_refsource_SUSE
http://lists.suse.com/archive/suse-security-announce/2007-May/0006.htmlvendor-advisoryx_refsource_SUSE
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.htmlvendor-advisoryx_refsource_OPENPKG
http://www.securityfocus.com/archive/1/468670/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534third-party-advisoryx_refsource_IDEFENSE
http://www.securityfocus.com/archive/1/468565/100/0/threadedmailing-listx_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.htmlmailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2007-2447

Same Patch Batch · n/a · 2007-05-14 · 41 CVEs total

CVE-2007-2668		Webdesproxy GET Request 缓冲区溢出漏洞
CVE-2007-2659		PhpATM 'Index.PHP' 目录遍历漏洞
CVE-2007-2660		Vincent Blavet PhpConcept Library PHP远程文件包含漏洞
CVE-2007-2661		BlogMe 'Archshow.ASP' SQL注入漏洞
CVE-2007-2662		EfesTECH Haber 多个SQL注入漏洞
CVE-2007-2663		Beacon 'Splash.lang.PHP' languagePath参数远程文件包含漏洞
CVE-2007-2664		Yaap 'common.php' PHP远程文件包含漏洞
CVE-2007-2665		RETIRED: PHPFirstPost 'Block.PHP' 远程文件包含漏洞
CVE-2007-2666		Notepad++ Ruby源文件处理远程栈溢出漏洞
CVE-2007-2667		DB Software Laboratory VImpX控件远程栈溢出漏洞
CVE-2007-2658		ID Automation Linear Barcode ActiveX控件远程栈溢出漏洞
CVE-2007-2669		PHPChain 多个跨站脚本攻击漏洞
CVE-2007-2670		PHPChain 多个跨站脚本攻击漏洞
CVE-2007-2671		Mozilla Firefox HREF属性拒绝服务漏洞
CVE-2007-2672		PHP Coupon Script 'index.php' SQL注入漏洞
CVE-2007-2673		Censura 'Censura.PHP' SQL注入漏洞
CVE-2007-2674		Pre Shopping Mall 'Detail.PHP' SQL注入漏洞
CVE-2007-2675		Pre Classifieds Listings 'search.php' SQL注入漏洞
CVE-2007-2676		Open Translation Engine 'Header.PHP'远程文件包含漏洞
CVE-2007-2677		PHPChess Root_Path 'language.php' 多个远程文件包含漏洞

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2007-2447

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2007-2447

I. Basic Information for CVE-2007-2447

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2007-2447

III. Intelligence Information for CVE-2007-2447

Same Patch Batch · n/a · 2007-05-14 · 41 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2007-2447

Leave a comment