CVE-2007-4138

Severity

69%

Complexity

34%

Confidentiality

165%

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 17 years ago

2007-09-14 01:17:00

Last updated 6 years ago

2018-10-15 21:33:00

Affected Software

Samba 3.0.25

3.0.25

Samba 3.0.25a

3.0.25a

Samba 3.0.25b

3.0.25b

Samba 3.0.25c

3.0.25c

References

http://docs.info.apple.com/article.html?artnum=307179

26764

Patch, Vendor Advisory

26776

26795

26834

3135

SSA:2007-255-02

RHSA-2007:1016

RHSA-2007:1017

http://www.samba.org/samba/security/CVE-2007-4138.html

20070911 [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default

25636

Patch

1018681

TA07-352A

US Government Resource

ADV-2007-3120

samba-smb-privilege-escalation(36560)

https://issues.rpath.com/browse/RPL-1705

oval:org.mitre.oval:def:10375

FEDORA-2007-2145

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.