Red Hat Bugzilla – Bug 460150
CVE-2008-3789 samba: Group mapping information LDB file created with insecure permissions
Last modified: 2009-11-19 10:02:52 EST
Samba, starting from version samba-3.2.0-*+, initially creates, and after
removal recreates, its TBD group mapping file (/var/lib/samba/group_mapping.ldb)
with file access permissions of 0666. This could allow a local unprivileged
system user to write to this Samba tool critical file and potentially cause
a denial of service.
This issue does not affect the versions of the Samba package as shipped with
Red Hat Enterprise Linux 2.1, 3, 4 and 5.
This issue affects only versions of the Samba package as shipped within
the Fedora release, starting from F9.
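A local check for the condition described in this report, added here as an example and not part of the original bug report. The function names are hypothetical; the default path is the one the report gives.

```shell
#!/bin/sh
# Added example, not from the bug report: flag a Samba group mapping
# database that users other than its owner can write to.

# Default path is the one named in the report.
DEFAULT_LDB=/var/lib/samba/group_mapping.ldb

# loose_write_bits FILE
# Prints "group", "other" or "group other" for the non-owner write bits
# set on FILE, or nothing when only the owner can write.
loose_write_bits() {
    bits=""
    if [ -n "$(find "$1" -prune -type f -perm -0020 -print 2>/dev/null)" ]; then
        bits="group"
    fi
    if [ -n "$(find "$1" -prune -type f -perm -0002 -print 2>/dev/null)" ]; then
        bits="${bits:+$bits }other"
    fi
    printf '%s' "$bits"
}

# check_group_mapping [FILE]
# Returns 0 when FILE is absent or writable only by its owner, 1 otherwise.
check_group_mapping() {
    file=${1:-$DEFAULT_LDB}
    if [ ! -f "$file" ]; then
        echo "OK: $file not present"
        return 0
    fi
    bits=$(loose_write_bits "$file")
    if [ -n "$bits" ]; then
        echo "FINDING: $file is writable by: $bits"
        ls -l "$file"
        return 1
    fi
    echo "OK: $file is writable only by its owner"
    return 0
}

# Check the path given on the command line, or the default from the report.
check_group_mapping "${1:-}" || true
```

Because the report says the file is recreated with the same mode after removal, the check is worth repeating after any cleanup of the Samba state directory until the updated package is installed.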
samba-3.2.3-0.20.fc9 has been submitted as an update for Fedora 9.
samba-3.2.3-0.20.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.