Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | 4.0.0 (including) | 4.3.13 (excluding) |
| Samba | Samba | 4.4.0 (including) | 4.4.8 (excluding) |
| Samba | Samba | 4.5.0 (including) | 4.5.3 (excluding) |
| Red Hat Enterprise Linux 6 | RedHat | samba-0:3.6.23-41.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | samba4-0:4.2.10-9.el6 | * |
| Red Hat Enterprise Linux 7 | RedHat | samba-0:4.4.4-13.el7_3 | * |
| Red Hat Gluster Storage 3.2 for RHEL 6 | RedHat | samba-0:4.4.6-4.el6rhs | * |
| Red Hat Gluster Storage 3.2 for RHEL 7 | RedHat | samba-0:4.4.6-4.el7rhgs | * |
| Samba | Ubuntu | devel | * |
| Samba | Ubuntu | trusty | * |
| Samba | Ubuntu | xenial | * |
| Samba | Ubuntu | yakkety | * |
| Samba | Ubuntu | zesty | * |
| Samba4 | Ubuntu | precise | * |