New Samba release 3.0.26 fixes following security issue [1]: Summary: When the "winbind nss info" parameter in smb.conf is set to either "sfu" or "rfc2307", Windows users are incorrectly assigned a primary gid of 0 in the absence of the RFC2307 or Services or Unix (SFU) primary group attributes. Description: The idmap_ad.so library provides an nss_info extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf option to either "sfu" or "rfc2307". Both the Windows "Identity Management for Unix" and "Services for Unix" MMC plug-ins allow a user to be assigned a primary group for Unix clients that differs from the user's Windows primary group. When the rfc2307 or sfu nss_info plugin has been enabled, in the absence of either the RFC2307 or SFU primary group attribute, Winbind will assign a primary group ID of 0 to the domain user queried using the getpwnam() C library call. Only affects versions: 3.0.25 - 3.0.25c Patch: [2] [1] http://www.samba.org/samba/security/CVE-2007-4138.html [2] http://www.samba.org/samba/ftp/patches/security/samba-3.0.25-CVE-2007-4138.patch Acknowledgements: Red Hat would like to thank Rick King for responsibly disclosing this issue.
This issue did not affect version of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue does however affect the versions of Samba being shipped in Red Hat Enterprise Linux 4.6 and 5.1.
Fixed in affected products: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2007-1016.html http://rhn.redhat.com/errata/RHSA-2007-1017.html Fedora: updated to fixed upstream version