Lucene search

K

Veracode Vulnerability DatabaseVERACODE:23142

HistoryApr 10, 2020 - 12:17 a.m.

Privilege Escalation

2020-04-1000:17:28

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

samba is vulnerable to privilege escalation. A flaw was found in the way Samba assigned group IDs under certain conditions. If the “winbind nss info” parameter in smb.conf is set to either “sfu” or “rfc2307”, Samba users are incorrectly assigned the group ID of 0.

CPENameOperatorVersion
sambaeq3.0.23c__2.el5.2
sambaeq3.0.23c__2.el5.2.0.2
sambaeq3.0.10__2.el4_5.1
sambaeq3.0.25b__0.el5.4
sambaeq3.0.23c__2.el5.2
sambaeq3.0.23c__2.el5.2.0.2
sambaeq3.0.10__2.el4_5.1
sambaeq3.0.25b__0.el5.4

References

docs.info.apple.com/article.html?artnum=307179

secunia.com/advisories/26764

secunia.com/advisories/26776

secunia.com/advisories/26795

secunia.com/advisories/26834

securityreason.com/securityalert/3135

slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.419439

www.redhat.com/security/updates/classification/#critical

www.redhat.com/support/errata/RHSA-2007-1016.html

www.redhat.com/support/errata/RHSA-2007-1017.html

www.samba.org/samba/security/CVE-2007-4138.html

www.securityfocus.com/archive/1/479078/100/0/threaded

www.securityfocus.com/bid/25636

www.securitytracker.com/id?1018681

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vupen.com/english/advisories/2007/3120

access.redhat.com/errata/RHSA-2007:1016

exchange.xforce.ibmcloud.com/vulnerabilities/36560

issues.rpath.com/browse/RPL-1705

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10375

www.redhat.com/archives/fedora-package-announce/2007-September/msg00201.html

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

Related for VERACODE:23142

samba1 openvas20 cve1 securityvulns2 prion1 debiancve1 freebsd1 nessus10 seebug1 ubuntucve1 slackware1 altlinux1 fedora1 oraclelinux2 redhat2 centos1