Test ID:	1.3.6.1.4.1.25623.1.0.150727
Category:	General
Title:	Samba 3.2.0 <= 3.2.2 Elevate Privileges Vulnerability (CVE-2008-3789)
Summary:	Wrong permissions of group_mapping.ldb.
Description:	Summary: Wrong permissions of group_mapping.ldb. Vulnerability Insight: The file group_mapping.ldb is created with the permissions 0666. That means everyone is able to edit this file and gain additional access rights while connecting remotely to the Samba server. By manipulating the SID mappings contained in this file, it is also possible to establish a connection that runs in the privileged root context. Affected Software/OS: Samba versions 3.2.0 through 3.2.2. Solution: Update to version 3.2.3 or later. CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3789 BugTraq ID: 30837 http://www.securityfocus.com/bid/30837 http://www.openwall.com/lists/oss-security/2008/08/26/2 http://www.securitytracker.com/id?1020770 http://secunia.com/advisories/31601 http://www.vupen.com/english/advisories/2008/2440 XForce ISS Database: samba-groupmapping-security-bypass(44678) https://exchange.xforce.ibmcloud.com/vulnerabilities/44678
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.