CVE-2007-4138

Impact: Moderate
Public Date: 2007-09-11
Bugzilla: 286271: CVE-2007-4138 samba incorrect primary group assignment for domain users using the rfc2307 or sfu winbind nss info plugin

The MITRE CVE dictionary describes this issue as:

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

Find out more about CVE-2007-4138 from the MITRE CVE dictionary and NIST NVD.

Statement

Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Red Hat Security Errata

Platform                              Errata          Release Date
Red Hat Enterprise Linux 4 (samba)    RHSA-2007:1016  2007-11-15
Red Hat Enterprise Linux 5 (samba)    RHSA-2007:1017  2007-11-15

Acknowledgements

Red Hat would like to thank Rick King for responsibly disclosing this issue.

Last Modified

CVE description copyright © 2017, The MITRE Corporation
