3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
6.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
0.002 Low
EPSS
Percentile
56.7%
During the creation of a new Samba AD DC, files are created in a the
private/ subdirectory of our install location. This directory is
typically mode 0700, that is owner (root) only access. However in
some upgraded installations it will have other permissions, such as
0755, because this was the default before Samba 4.8.
Within this directory files are created with mode 0666,
that is world-writable, including a sample krb5.conf and the list of
DNS names and servicePrincipalName values to update.
Patches addressing both these issues have been posted to:
http://www.samba.org/samba/security/
Additionally, Samba 4.9.6 and 4.10.2 have been issued as security
releases to correct the defect. Samba administrators are advised to
upgrade to these releases or apply the patch as soon as possible.
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H (6.1)
This score is calculated based on modification to the dns_update_list
or spn_update_list files in a default configuration.
Administrators who rely on these files in other ways might have a
higher score. For example, the sample krb5.conf might be read as
input to Kerberos tools or used as the system-wide krb5.conf
(potentially via a symlink).
Upgrading Samba will not change the file or directory permissions for
an existing installation, it will just avoid the issue for new
installations.
Assuming Samba is installed in the default location as root run:
chmod 0700 /usr/local/samba/private
The private directory can be found in the listing from
smbd -b| grep PRIVATE_DIR
Alternatively remove world-write permission from any files with:
chmod o-w /usr/local/samba/private/*
Originally reported by BjΓΆrn Baumbach of the Samba Team and SerNet.
Patches provided by Andrew Bartlett of the Samba Team and Catalyst,
advisory written by Andrew Bartlett of the Samba Team and Catalyst.
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
3.6 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
6.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
0.002 Low
EPSS
Percentile
56.7%