Security update for Samba
The development team behind the open source file server Samba have released version 3.2.3, which fixes a vulnerability that allows restricted users logged onto the system to escalate their privileges. According to reports, the cause of the problem is that anyone can edit the file group_mapping.ldb, and can therefore map any SID to root, or to other users or groups.
Versions 3.2.0 to 3.2.2 are affected. As well as the new version, patches for existing versions are also available. The developers advise administrators to act without delay. Alternatively, as a workaround, the permissions on the file can be set to 600 using chmod.
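The workaround described above, as an added shell example that is not from the Samba project or the original article: it reports whether group or other users have any access to the file and, when called with `fix`, applies the chmod 600 workaround. The function names are illustrative, and the file's location is passed as an argument because the article does not give a path.

```shell
#!/bin/sh
# Added example: audit the mode of Samba's group_mapping.ldb and optionally
# apply the chmod 600 workaround. The file location differs between
# installations, so the caller always supplies the path.

# Print the six group/other permission characters of a file, e.g. "r--r--".
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10 | head -n 1
}

# check_group_mapping PATH [fix]
# returns 0: only the owner has access (or access was tightened with "fix")
#         1: group or other have access and "fix" was not requested
#         2: PATH is a symlink or not a regular file
check_group_mapping() {
    file=$1
    action=${2:-report}

    # Refuse symlinks so the mode we read is the mode of the file we change.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file" >&2
        return 2
    fi

    bits=$(group_other_bits "$file")
    if [ "$bits" = "------" ]; then
        echo "ok: $file is not accessible to group or other"
        return 0
    fi

    echo "exposed: $file grants group/other '$bits'"
    if [ "$action" != "fix" ]; then
        return 1
    fi

    chmod 600 -- "$file" || return 1
    # Re-read the mode instead of trusting chmod's exit status alone.
    [ "$(group_other_bits "$file")" = "------" ]
}

# Stand-alone use: sh script.sh /path/to/group_mapping.ldb [fix]
if [ "$#" -gt 0 ]; then
    check_group_mapping "$@"
fi
```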
See also:
- Wrong permissions of group_mapping.ldb, the Samba developers' error report.
(trk)