VDB
CVE-2007-4138
CVE-2007-4138
PUBLISHED
Reported by redhat · Published September 14, 2007
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Timeline
- Sep 14, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- x_refsource_CONFIRM
- RHSA-2007:1016 vendor-advisoryx_refsource_REDHAT
- 25636 vdb-entryx_refsource_BID
- 20070911 [SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default mailing-listx_refsource_BUGTRAQ
- TA07-352A third-party-advisoryx_refsource_CERT
- SSA:2007-255-02 vendor-advisoryx_refsource_SLACKWARE
- 3135 third-party-advisoryx_refsource_SREASON
- ADV-2007-3120 vdb-entryx_refsource_VUPEN
- 26764 third-party-advisoryx_refsource_SECUNIA
- 26834 third-party-advisoryx_refsource_SECUNIA
- 26795 third-party-advisoryx_refsource_SECUNIA
- 1018681 vdb-entryx_refsource_SECTRACK
- FEDORA-2007-2145 vendor-advisoryx_refsource_FEDORA
- x_refsource_CONFIRM
- samba-smb-privilege-escalation(36560) vdb-entryx_refsource_XF
- x_refsource_CONFIRM
- oval:org.mitre.oval:def:10375 vdb-entrysignaturex_refsource_OVAL
- 26776 third-party-advisoryx_refsource_SECUNIA
- RHSA-2007:1017 vendor-advisoryx_refsource_REDHAT