openSUSE 10 Security Update : samba (samba-2584)

"A logic error in the deferred open code can lead to an infinite loop in Samba's smbd daemon. In addition the following changes are included with these packages : - Disable broken DCERPC funnel patch; 242833. - Avoid winbind event handler for internal domains. - Fix smbcontrol winbind offline;...

openSUSE 10 Security Update : samba (samba-1830)

Prevent potential crash in winbindd's credential cache handling; 184450. - Fix memory exhaustion DoS; CVE-2006-3403; 190468. - Fix the munlock call, samba.org svn rev r16755 from Volker. - Change the kerberos principal for LDAP authentication to netbios-name$@realm from host/name@realm; 184450. -...

openSUSE 10 Security Update : samba (samba-3827)

The previous security fix for CVE-2007-2447 missed one character in the shell escape handling. Also fixed were some regressions introduced by the previous update. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSU...

FreeBSD : samba -- nss_info plugin privilege escalation vulnerability (2bc96f18-683f-11dc-82b6-02e0185f8d72)

The Samba development team reports : The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the 'winbind nss info' smb.conf...

Code injection

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

DEBIAN-CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

CVE-2007-4138

CVE-2007-4138 affects Samba 3.0.25 through 3.0.25c. The Winbind nss_info extension (nsswitch/idmap_ad.c) can grant all local users the privileges of gid 0 when winbind nss info is set to RFC2307 or SFU and the primary group attribute is not defined. This is a local privilege escalation vulnerabil...

CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

Samba NSS_Info插件本地权限提升漏洞

BUGTRAQ ID: 25636 CVECAN ID: CVE-2007-4138 Samba是一套实现SMB（Server Messages Block）协议、跨平台进行文件共享和打印共享服务的程序。 idmapad.so库中为Winbind提供了nssinfo扩展用于从活动目录域控制台检索用户的主目录路径、登录shell和主组id等，可通过将winbind nss info的smb.conf选项定义为sfu或rfc2307来启用这个功能。 Windows的Identity Management for Unix和Services for Unix...

Incorrect primary group assignment for

Description The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf option to either "sfu" or...

[SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Incorrect primary group assignment for == domain users using the rfc2307 or sfu == winbind nss info plugin. == == CVE ID: CVE-2007-4138 == == Versions: Samba 3.0.25 - 3.0.25c...

samba -- nss_info plugin privilege escalation vulnerability

The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...

Samba nss_info extension privilege escalation

Gid 0 is assigned to user, if "winbind nss info" configuration parameter has value "sfu" or "rfc2307"...

Buffer overrun in NSS host lookup Winbind

Description NOTE: This security advisory only affects Sun Solaris systems running Samba's winbindd daemon and configured to make use of the nsswinbind.so.1 library for gethostbyname and getipnodebyname name resolution queries. For example, /etc/nsswitch.conf ... ipnodes: files winbind hosts: file...

Debian DSA-1106-1 : ppp - programming error

Marcus Meissner discovered that the winbind plugin in pppd does not check whether a setuid call has been successful when trying to drop privileges, which may fail with some PAM configurations. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Slackware 10.0 / 10.1 / 10.2 / current : Samba 2.0.23 repackaged (SSA:2006-200-01)

New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current. In Slackware 10.0, 10.1, and 10.2, Samba was evidently picking up the libdm.so.0 library causing a Samba package issued primarily as a security patch to suddenly require a library that would only be present on the...

[slackware-security] Samba 2.0.23 repackaged

New Samba packages are available for Slackware 10.0, 10.1, 10.2, and -current. In Slackware 10.0, 10.1, and 10.2, Samba was evidently picking up the libdm.so.0 library causing a Samba package issued primarily as a security patch to suddenly require a library that would only be present on the...