ADMIN - Explore the new world of system administration! Special introductory offer! Order by September 30th to save 10% off the regular subscription price! Each issue delivers technical solutions to the real-world problems you face every day. Learn the latest techniques for better:
network security
system management
troubleshooting
performance tuning
virtualization
cloud computing
on Windows, Linux, Solaris, and popular varieties of Unix.
The latest version of Samba, 3.0.26, removes a moderately critical vulnerability that only occurs in combination with Microsoft's Active Directory Service.
In some cases users were able to escalate privileges due to incorrect group assignments. The vulnerability was caused by faulty Winbind group assignments if users deployed the "winbind nss info - sfu" or "- rfc2307" plugins. For the attack to work, the primary group attributes had to be missing for "sfu" and "rfc2307".
According to the developers, Samba versions 3.0.25 through 3.0.25c are affected by the vulnerability. Besides the source code package, a patch for the new 3.0.26 version is also available as a download.
Comments