Samba starting from version samba-3.2.0-*+ initially creates and after removal recreates its TBD group mapping file (/var/lib/samba/group_mapping.ldb) with file access permissions of 0666. This could allow a local unprivileged system user to write to this Samba tool critical file and potentially cause a denial of service.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073
http://www.openwall.com/lists/oss-security/2008/08/26/3
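A check for the condition described in this report, as an added example that is not part of the original bug report or of Samba's own tooling: it lists regular files under a Samba state directory whose "other" write bit is set, which is what a 0666 group_mapping.ldb looks like. The function names are hypothetical, and the directory in the usage comment is the one named in the report.

```shell
#!/bin/sh
# Added example: audit a Samba state directory for files that any local
# user can write to (mode 0666 or similar).
# Usage: sh audit.sh /var/lib/samba   (run as root so every subdirectory is readable)

# Print the path of each regular file under $1 that is writable by "other".
# Returns 0 if none were found, 1 if at least one was found,
# 2 if $1 is not a directory.
find_world_writable() {
    dir=$1
    [ -d "$dir" ] || return 2
    # -perm -0002 : the "other" write bit is set (0666 matches, 0600/0644 do not)
    # -type f     : regular files only, so symlinks and directories are skipped
    # -xdev       : do not cross into other mounted filesystems
    # "|| true" keeps a partial listing if find cannot read a subdirectory.
    hits=$(find "$dir" -xdev -type f -perm -0002 -print 2>/dev/null) || true
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Human-readable report; the exit status mirrors find_world_writable.
report_world_writable() {
    hits=$(find_world_writable "$1") && rc=0 || rc=$?
    case $rc in
        0) echo "OK: no world-writable files under $1" ;;
        1) echo "WARNING: world-writable files under $1:"
           # ls -ld shows the mode string and owner for each hit.
           printf '%s\n' "$hits" | while IFS= read -r f; do ls -ld "$f"; done ;;
        2) echo "SKIP: $1 is not a directory" ;;
    esac
    return $rc
}

# Run only when a directory is given on the command line.
[ $# -eq 0 ] || report_world_writable "$1"
```

Paths containing newlines are not handled, which is acceptable for Samba's own state files.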
This issue does not affect the versions of the Samba package as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5. This issue affects only versions of the Samba package as shipped within the Fedora release, starting from F9.
Upstream advisory:
http://www.samba.org/samba/security/CVE-2008-3789.html

Upstream patches:
http://www.samba.org/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch
samba-3.2.3-0.20.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/samba-3.2.3-0.20.fc9
samba-3.2.3-0.20.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.