FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-4138

This CVE name corresponds to:

Entered Topic
2007-09-21 samba -- nss_info plugin privilege escalation vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2007-4138 at cve.mitre.org

Details

Type Candidate
Name CVE-2007-4138
Phase Assigned(20070802)

Description

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

References

Source Reference
BUGTRAQ 20070911 [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default
CONFIRM http://www.samba.org/samba/security/CVE-2007-4138.html
CONFIRM https://issues.rpath.com/browse/RPL-1705
CONFIRM http://docs.info.apple.com/article.html?artnum=307179
FEDORA FEDORA-2007-2145
REDHAT RHSA-2007:1016
REDHAT RHSA-2007:1017
SLACKWARE SSA:2007-255-02
CERT TA07-352A
BID 25636
OVAL oval:org.mitre.oval:def:10375
VUPEN ADV-2007-3120
SECTRACK 1018681
SECUNIA 26764
SECUNIA 26776
SECUNIA 26795
SECUNIA 26834
SREASON 3135
XF samba-smb-privilege-escalation(36560)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.