New version of Samba fixes vulnerability
The Samba development team have announced version 3.0.26 (gzip file) of their free file and print server, which fixes a vulnerability. Under certain circumstances domain users using the rfc2307 or sfu "winbind nss info" plugins may be assigned to the wrong group and thus receive enhanced access privileges. According to reports, the bug only manifested itself in combination with Microsoft's Active Directory Services where the primary group attributes for RFC2307 or SFU had not been set.
The developers identify versions 3.0.25 to 3.0.25c as vulnerable. As well as the new version, a patch is also available.
- Incorrect primary group assignment domain users using the rfc2307 or sfu winbind nss info plugin, report from Samba.org