Executive Summary

Informations
NameCVE-2007-4138First vendor Publication2007-09-13
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score6.9Attack RangeLocal
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score3.4AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides administrator access : Allows complete confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4138

CWE : Common Weakness Enumeration

idName
CWE-264Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10375
 
Oval ID: oval:org.mitre.oval:def:10375
Title: The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
Description: The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
Family: unix Class: vulnerability
Reference(s): CVE-2007-4138
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application4

Open Source Vulnerability Database (OSVDB)

idDescription
39178Samba idmap_ad.so Winbind nss_info Extension (nsswitch/idmap_ad.c) Local Priv...

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/25636
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/479078/100/0/threaded
CERThttp://www.us-cert.gov/cas/techalerts/TA07-352A.html
CONFIRMhttp://docs.info.apple.com/article.html?artnum=307179
http://www.samba.org/samba/security/CVE-2007-4138.html
https://issues.rpath.com/browse/RPL-1705
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2007-September/msg002...
REDHAThttp://www.redhat.com/support/errata/RHSA-2007-1016.html
http://www.redhat.com/support/errata/RHSA-2007-1017.html
SECTRACKhttp://www.securitytracker.com/id?1018681
SECUNIAhttp://secunia.com/advisories/26764
http://secunia.com/advisories/26776
http://secunia.com/advisories/26795
http://secunia.com/advisories/26834
SLACKWAREhttp://slackware.com/security/viewer.php?l=slackware-security&y=2007&...
SREASONhttp://securityreason.com/securityalert/3135
VUPENhttp://www.vupen.com/english/advisories/2007/3120
XFhttp://xforce.iss.net/xforce/xfdb/36560

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-11 10:33:26
  • Multiple Updates