The latest version of Samba, 3.0.26, removes a moderately critical vulnerability that only occurs in combination with Microsoft's Active Directory Service.
In some cases users were able to escalate privileges due to incorrect group assignments. The vulnerability was caused by faulty Winbind group assignments if users deployed the "winbind nss info - sfu" or "- rfc2307" plugins. For the attack to work, the primary group attributes had to be missing for "sfu" and "rfc2307".
According to the developers, Samba versions 3.0.25 through 3.0.25c are affected by the vulnerability. Besides the source code package, a patch for the new 3.0.26 version is also available as a download.
Look here for archived tutorials and talks from USENIX Security '08. Each comprises a video and recorded presentation slides which are shown parallel to the talk.
Comments