EUVD-2007-4122

Malware in sbrugna...

openSUSE Security Update : samba (openSUSE-SU-2013:1339-1)

"This update of samba fixed the following issues : - The pamwinbind requiremembershipof option allows for a list of SID, but currently only provides buffer space for 20; bnc806501. - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections;...

FreeBSD : samba -- nss_info plugin privilege escalation vulnerability (2bc96f18-683f-11dc-82b6-02e0185f8d72)

The Samba development team reports : The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the 'winbind nss info' smb.conf...

Code injection

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

CVE-2007-4138

The Winbind nssinfo extension nsswitch/idmapad.c in idmapad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the 1 RFC2307 or 2 Services for UNIX SFU primary group attribute is not defined...

Samba NSS_Info插件本地权限提升漏洞

BUGTRAQ ID: 25636 CVECAN ID: CVE-2007-4138 Samba是一套实现SMB（Server Messages Block）协议、跨平台进行文件共享和打印共享服务的程序。 idmapad.so库中为Winbind提供了nssinfo扩展用于从活动目录域控制台检索用户的主目录路径、登录shell和主组id等，可通过将winbind nss info的smb.conf选项定义为sfu或rfc2307来启用这个功能。 Windows的Identity Management for Unix和Services for Unix...

[SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Incorrect primary group assignment for == domain users using the rfc2307 or sfu == winbind nss info plugin. == == CVE ID: CVE-2007-4138 == == Versions: Samba 3.0.25 - 3.0.25c...

samba -- nss_info plugin privilege escalation vulnerability

The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...

Samba nss_info extension privilege escalation

Gid 0 is assigned to user, if "winbind nss info" configuration parameter has value "sfu" or "rfc2307"...