CVE-2007-4138
EPSS 0.11%
Description
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for UNIX (SFU) primary group attribute is not defined.
How to fix CVE-2007-4138
To remediate CVE-2007-4138, upgrade the affected package to a fixed version below.
- Debian/samba—upgrade to 3.0.26-1 or later
Is CVE-2007-4138 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.0.26-1