DEBIAN-CVE-2007-4138

DEBIAN-CVE-2007-4138 PUBLISHED

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

Affected Products

Vendor	Product	Versions
Debian:12	samba	0, 0, 0
Debian:11	samba	0, 0, 0
Debian:13	samba	0, 0, 0
Debian:14	samba	0, 0, 0

Timeline

Sep 14, 2007 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2007-4138 advisory

Open in Interactive Console →