CVE Vulnerabilities

CVE-2007-4138

Published: Sep 14, 2007 | Modified: Oct 15, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.9 MEDIUM (AV:L/AC:M/Au:N/C:C/I:C/A:C)
RedHat/V2
RedHat/V3
Ubuntu: MEDIUM

The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the winbind nss info option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | 3.0.25 (including) | 3.0.25 (including) |
| Samba | Samba | 3.0.25a (including) | 3.0.25a (including) |
| Samba | Samba | 3.0.25b (including) | 3.0.25b (including) |
| Samba | Samba | 3.0.25c (including) | 3.0.25c (including) |
| Red Hat Enterprise Linux 4 | RedHat | samba-0:3.0.25b-1.el4_6.2 | * |
| Red Hat Enterprise Linux 5 | RedHat | samba-0:3.0.25b-1.el5_1.2 | * |
| Samba | Ubuntu | devel | * |
| Samba | Ubuntu | upstream | * |

References