PT-2007-1062 · Samba+1 · Samba-Swat+5
Rick King · Published 2007-09-11 · Updated 2024-06-15
CVE-2007-4138
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Samba versions 3.0.25 through 3.0.25c
Samba-common version 3.0.25b
Samba-swat version 3.0.25b
Samba-client version 3.0.25b
Description:
The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The Winbind nss_info extension in idmap_ad.so grants all local users the privileges of gid 0 when the RFC2307 or Services for UNIX (SFU) primary group attribute is not defined.
Recommendations:
For Samba versions 3.0.25 through 3.0.25c, consider disabling the winbind nss info option or setting it to a value other than rfc2307 or sfu until a patch is available.
For Samba-common version 3.0.25b, Samba-swat version 3.0.25b, and Samba-client version 3.0.25b, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
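To check a host against the workaround above, the following added example (not part of the advisory or of Samba) scans smb.conf text for a winbind nss info setting that includes rfc2307 or sfu. The function names and sample configs are constructed for illustration, and the handling of a ":DOMAIN" suffix on a value is an assumption.

```python
import re

# Values of "winbind nss info" that the advisory says to avoid.
RISKY = {"rfc2307", "sfu"}

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names.
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    # Join lines ending in a backslash, then drop blanks and ;/# comments.
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        line = (buf + line).strip()
        buf = ""
        if line and line[0] not in ";#":
            yield line

def audit_nss_info(text):
    """Return (section, risky_values) for each winbind nss info line to change."""
    findings, section = [], "global"
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        name, sep, value = line.partition("=")
        if not sep or _norm(name) != "winbindnssinfo":
            continue
        # The option takes a list; assumption: a token may carry a ":DOMAIN" suffix.
        tokens = {t.split(":")[0].lower() for t in re.split(r"[\s,]+", value) if t}
        hits = sorted(tokens & RISKY)
        if hits:
            findings.append((section, hits))
    return findings

# Constructed sample configs (not taken from the advisory).
WEAK = """[global]
   security = ads
   ; winbind nss info = template
   Winbind NSS Info = template \\
       sfu
"""
MITIGATED = """[global]
   security = ads
   winbind nss info = template
"""
```

An empty result from audit_nss_info means the file already follows the workaround; any finding names the section and the value to remove.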
Affected Products
Red Hat
Samba
Samba-Client
Samba-Common
Samba-Swat
Winbind