CVE-2008-3789

Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073	Issue Tracking Third Party Advisory
http://samba.org/samba/security/CVE-2008-3789.html	Vendor Advisory
http://secunia.com/advisories/31601	Not Applicable Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/08/26/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/30837	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020770	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2440	Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44678	Third Party Advisory VDB Entry
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073	Issue Tracking Third Party Advisory
http://samba.org/samba/security/CVE-2008-3789.html	Vendor Advisory
http://secunia.com/advisories/31601	Not Applicable Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/08/26/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/30837	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020770	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2440	Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44678	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:50

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 - Issue Tracking, Third Party Advisory~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 - Issue Tracking, Third Party Advisory
References	~~() http://samba.org/samba/security/CVE-2008-3789.html - Vendor Advisory~~	() http://samba.org/samba/security/CVE-2008-3789.html - Vendor Advisory
References	~~() http://secunia.com/advisories/31601 - Not Applicable, Third Party Advisory~~	() http://secunia.com/advisories/31601 - Not Applicable, Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2008/08/26/2 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2008/08/26/2 - Mailing List, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/30837 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/30837 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1020770 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id?1020770 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2008/2440 - Permissions Required, Third Party Advisory~~	() http://www.vupen.com/english/advisories/2008/2440 - Permissions Required, Third Party Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 - Third Party Advisory, VDB Entry

Information

Published : 2008-08-27 20:41

Updated : 2024-11-21 00:50

NVD link : CVE-2008-3789

Mitre link : CVE-2008-3789

CVE.ORG link : CVE-2008-3789

JSON object : View

Products Affected

samba

samba

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

2.1 /10