A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper escaping of shell meta-characters. This vulnerability allows an attacker to achieve remote command execution on the affected system. This issue primarily affects non-standard configurations where the "check password script" is used with %u and the samba-dcerpcd service is started as a system service.
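As an added example (not code from this advisory or from the Samba project), the following Python check scans smb.conf text for a "check password script" value that contains %u, the configuration described above. The sample configuration and the script paths in it are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample smb.conf text (not taken from the advisory).
SAMPLE_CONF = r"""
[global]
    workgroup = EXAMPLE
    ; check password script = /usr/local/bin/old-check %u
    Check Password  Script = /usr/local/sbin/pwcheck \
        --user %u
[share]
    path = /srv/share
"""

def logical_lines(text):
    """Join lines ending in a backslash with the line that follows."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf.strip()

def find_risky_check_password_script(text):
    """Return (section, value) for each 'check password script' that uses %u."""
    findings, section = [], None
    for line in logical_lines(text):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        name, sep, value = line.partition("=")  # only the first '=' counts
        if not sep:
            continue
        # smb.conf parameter names ignore case and internal whitespace.
        key = re.sub(r"\s+", "", name).lower()
        if key == "checkpasswordscript" and "%u" in value:
            findings.append((section, value.strip()))
    return findings

if __name__ == "__main__":
    for section, value in find_risky_check_password_script(SAMPLE_CONF):
        print(f"[{section}] check password script uses %u: {value}")
```

An empty result means no active "check password script" line in the supplied text uses %u; commented-out lines are ignored.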
Exploitability
AV:N AC:H PR:N UI:N
Scope
S:C
Impact
C:H I:H A:H
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H