CVE-2008-3789 — Incorrect Permission Assignment in Samba

CWE-732 — Incorrect Permission Assignment6 documents6 sources

Severity

2.1LOWNVD

EPSS

1.3%

top 20.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba

Timeline

PublishedAug 27

Latest updateMay 2

Description

Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDsamba/samba3.2.0 — 3.2.3

▶debiandebian/samba< samba 2:3.2.3-1 (bookworm)

▶Debiansamba/samba< 2:3.2.3-1+3

🔴Vulnerability Details

GHSA

GHSA-2x4j-x774-w5j9: Samba 3↗2022-05-02

▶

OSV

CVE-2008-3789: Samba 3↗2008-08-27

▶

📋Vendor Advisories

Red Hat

samba: Group mapping information LDB file created with insecure permissions↗2008-08-22

▶

Debian

CVE-2008-3789: samba - Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) g...↗2008

▶

💬Community

Bugzilla

CVE-2008-3789 samba: Group mapping information LDB file created with insecure permissions↗2008-08-26

▶