Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2007-4138
Last Modified 07 Mar 2011 09:57:52
Published 13 Sep 2007 09:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4138

Summary

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

Vulnerable Systems

Application

  • Samba 3.0.25

  • Samba 3.0.25a

  • Samba 3.0.25b

  • Samba 3.0.25c


References

CERT - TA07-352A

BID - 25636

SECUNIA - 26764

VUPEN - ADV-2007-3120

BUGTRAQ - 20070911 [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default

CONFIRM - http://www.samba.org/samba/security/CVE-2007-4138.html

FEDORA - FEDORA-2007-2145

CONFIRM - https://issues.rpath.com/browse/RPL-1705

XF - samba-smb-privilege-escalation(36560)

SECTRACK - 1018681

REDHAT - RHSA-2007:1017

REDHAT - RHSA-2007:1016

SLACKWARE - SSA:2007-255-02

SREASON - 3135

SECUNIA - 26834

SECUNIA - 26795

SECUNIA - 26776

CONFIRM - http://docs.info.apple.com/article.html?artnum=307179


Last Updated: 27 May 2016 10:45:46