Executive Summary

Informations
NameCVE-2007-4138First vendor Publication2007-09-13
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score6.9Attack RangeLocal
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score3.4AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10375
 
Oval ID: oval:org.mitre.oval:def:10375
Title: The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
Description: The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4138
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application4

OpenVAS Exploits

DateDescription
2009-10-13Name : Solaris Update for Samba 119757-16
File : nvt/gb_solaris_119757_16.nasl
2009-10-13Name : Solaris Update for Samba 119758-16
File : nvt/gb_solaris_119758_16.nasl
2009-09-23Name : Solaris Update for Samba 119757-15
File : nvt/gb_solaris_119757_15.nasl
2009-09-23Name : Solaris Update for Samba 119758-15
File : nvt/gb_solaris_119758_15.nasl
2009-06-03Name : Solaris Update for Samba 119757-14
File : nvt/gb_solaris_119757_14.nasl
2009-06-03Name : Solaris Update for Samba 119758-14
File : nvt/gb_solaris_119758_14.nasl
2009-02-27Name : Fedora Update for samba FEDORA-2007-2145
File : nvt/gb_fedora_2007_2145_samba_fc7.nasl
2008-09-04Name : FreeBSD Ports: samba
File : nvt/freebsd_samba11.nasl
0000-00-00Name : Slackware Advisory SSA:2007-255-02 samba
File : nvt/esoft_slk_ssa_2007_255_02.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
39178Samba idmap_ad.so Winbind nss_info Extension (nsswitch/idmap_ad.c) Local Priv...

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-1016.nasl - Type : ACT_GATHER_INFO
2013-06-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-1016.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071115_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-11-18Name : The remote Samba server is affected by a local privilege escalation vulnerabi...
File : samba_3_0_26.nasl - Type : ACT_GATHER_INFO
2007-11-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1016.nasl - Type : ACT_GATHER_INFO
2007-11-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1017.nasl - Type : ACT_GATHER_INFO
2007-11-06Name : The remote Fedora host is missing a security update.
File : fedora_2007-2145.nasl - Type : ACT_GATHER_INFO
2007-09-24Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_2bc96f18683f11dc82b602e0185f8d72.nasl - Type : ACT_GATHER_INFO
2007-09-14Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2007-255-02.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/25636
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/479078/100/0/threaded
CERThttp://www.us-cert.gov/cas/techalerts/TA07-352A.html
CONFIRMhttp://docs.info.apple.com/article.html?artnum=307179
http://www.samba.org/samba/security/CVE-2007-4138.html
https://issues.rpath.com/browse/RPL-1705
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2007-September/msg002...
REDHAThttp://www.redhat.com/support/errata/RHSA-2007-1016.html
http://www.redhat.com/support/errata/RHSA-2007-1017.html
SECTRACKhttp://www.securitytracker.com/id?1018681
SECUNIAhttp://secunia.com/advisories/26764
http://secunia.com/advisories/26776
http://secunia.com/advisories/26795
http://secunia.com/advisories/26834
SLACKWAREhttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&...
SREASONhttp://securityreason.com/securityalert/3135
VUPENhttp://www.vupen.com/english/advisories/2007/3120
XFhttp://xforce.iss.net/xforce/xfdb/36560

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:41:12
  • Multiple Updates
2013-05-11 10:33:26
  • Multiple Updates