CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
33.3%
The file group_mapping.ldb is created with the permissions 0666. That means
everyone is able to edit this file and gain additional access rights while
connecting remotely to the Samba server. By manipulating the SID mappings
contained in this file, it is also possible to establish a connection that runs
in the privileged root context.
Two patches addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 3.2.3 has been issued as a security
release to correct the defect. Samba administrators are
advised to upgrade to 3.2.3 or apply the patch as soon
as possible.
As a temporary workaround file permissions of the group_mapping.ldb can be set
to 0600 manually. Note that these permissions are discarded by newly created
group_mapping.ldb files.
This issue was initially reported as a Debian bug #496073.
The time line is as follows:
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team