Vigil@nce: Samba, bypass security restrictions via group_mapping.tdb
August 2008 by Vigil@nce
A local attacker can gain access to "group_mapping.tdb" file, in
order to read or modify informations from the Samba groups.
– Gravity: 2/4
– Consequences: data reading, data creation/edition
– Provenance: user account
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 27/08/2008
– Identifier: VIGILANCE-VUL-8064
IMPACTED PRODUCTS
- Unix - plateform
DESCRIPTION
Samba is an application working with Microsoft SMB protocol, this
one is used for network shares.
The "smbpasswd" and "tdbsam passdb" modules use the "
/usr/local/samba/var/locks/group_mapping.tdb" file to store
information on users and groups associated. A too high permission
on this file can be used by a local user to read and write on.
A local attacker can therefore gain access to "group_mapping.tdb"
file, in order to read or modify information from the Samba groups.
CHARACTERISTICS
– Identifiers: BID-30837, CVE-2008-3789, VIGILANCE-VUL-8064
– Url: https://vigilance.aql.fr/tree/1/8064