Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
References
Link | Resource |
---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 | Issue Tracking Third Party Advisory |
http://samba.org/samba/security/CVE-2008-3789.html | Vendor Advisory |
http://secunia.com/advisories/31601 | Not Applicable Third Party Advisory |
http://www.openwall.com/lists/oss-security/2008/08/26/2 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/30837 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1020770 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2008/2440 | Permissions Required Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 | Third Party Advisory VDB Entry |
Configurations
History
31 Oct 2022, 15:04
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-732 | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/2440 - Permissions Required, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/31601 - Not Applicable, Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1020770 - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/30837 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 - Issue Tracking, Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 - Third Party Advisory, VDB Entry | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2008/08/26/2 - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://samba.org/samba/security/CVE-2008-3789.html - Vendor Advisory | |
CPE | cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* |
Information
Published : 2008-08-27 20:41
Updated : 2023-12-10 10:51
NVD link : CVE-2008-3789
Mitre link : CVE-2008-3789
CVE.ORG link : CVE-2008-3789
JSON object : View
Products Affected
samba
- samba
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource