Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2007-4138

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

  • Published: Sep 14, 2007
  • Updated: Apr 13, 2023
  • CVE: CVE-2007-4138
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.9
  • AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
samba / samba 3.0.25b 3.0.25b.x
samba / samba 3.0.25a 3.0.25a.x
samba / samba 3.0.25c 3.0.25c.x
samba / samba 3.0.25 3.0.25.x