6.9

CVE-2007-4138

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.0.25
SambaSamba Version3.0.25a
SambaSamba Version3.0.25b
SambaSamba Version3.0.25c
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.72% 0.492
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://docs.info.apple.com/article.html?artnum=307179
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
US Government Resource
http://secunia.com/advisories/26764
Patch
Vendor Advisory
http://secunia.com/advisories/26776
http://secunia.com/advisories/26795
http://secunia.com/advisories/26834
http://securityreason.com/securityalert/3135
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439
http://www.redhat.com/support/errata/RHSA-2007-1016.html
http://www.redhat.com/support/errata/RHSA-2007-1017.html
http://www.samba.org/samba/security/CVE-2007-4138.html
http://www.securityfocus.com/archive/1/479078/100/0/threaded
http://www.securityfocus.com/bid/25636
Patch
http://www.securitytracker.com/id?1018681
http://www.vupen.com/english/advisories/2007/3120
https://exchange.xforce.ibmcloud.com/vulnerabilities/36560
https://issues.rpath.com/browse/RPL-1705
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10375
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00201.html