Samba Group Mappings File Insecure Permissions Local Security Vulnerability
BID:30837
Info
Samba Group Mappings File Insecure Permissions Local Security Vulnerability
| Bugtraq ID: | 30837 |
| Class: | Design Error |
| CVE: |
CVE-2008-3789 |
| Remote: | No |
| Local: | Yes |
| Published: | Aug 24 2008 12:00AM |
| Updated: | Apr 16 2015 06:03PM |
| Credit: | Sascha Herrmann |
| Vulnerable: |
Samba Samba 3.2.2 Samba Samba 3.2.1 Samba Samba 3.2 |
| Not Vulnerable: |
Samba Samba 3.2.3 |
Discussion
Samba Group Mappings File Insecure Permissions Local Security Vulnerability
Samba is prone to a local security vulnerability because it sets insecure permissions for a certain configuration file.
Successfully exploiting this issue allows a local attacker to modify Samba group-mapping information and bypass certain security restrictions.
This issue affects Samba 3.2.0 up to and including 3.2.2.
Samba is prone to a local security vulnerability because it sets insecure permissions for a certain configuration file.
Successfully exploiting this issue allows a local attacker to modify Samba group-mapping information and bypass certain security restrictions.
This issue affects Samba 3.2.0 up to and including 3.2.2.
Exploit / POC
Samba Group Mappings File Insecure Permissions Local Security Vulnerability
Attackers can use standard tools to exploit this issue.
Attackers can use standard tools to exploit this issue.
Solution / Fix
Samba Group Mappings File Insecure Permissions Local Security Vulnerability
Solution:
The vendor has released an update. Please see the references for more information.
Solution:
The vendor has released an update. Please see the references for more information.
References
Samba Group Mappings File Insecure Permissions Local Security Vulnerability
References:
References:
- Samba Homepage (Samba)
- samba: group_mapping.ldb created world writeable after manual deletion (Sascha Herrmann)
- CVE-2008-3789: Wrong permissions of group_mapping.ldb (Samba)