CVE-2008-3789

Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073	Issue Tracking Third Party Advisory
http://samba.org/samba/security/CVE-2008-3789.html	Vendor Advisory
http://secunia.com/advisories/31601	Not Applicable Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/08/26/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/30837	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020770	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2440	Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44678	Third Party Advisory VDB Entry
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073	Issue Tracking Third Party Advisory
http://samba.org/samba/security/CVE-2008-3789.html	Vendor Advisory
http://secunia.com/advisories/31601	Not Applicable Third Party Advisory
http://www.openwall.com/lists/oss-security/2008/08/26/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/30837	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1020770	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2008/2440	Permissions Required Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44678	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:50

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 - Issue Tracking, Third Party Advisory~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 - Issue Tracking, Third Party Advisory
References	~~() http://samba.org/samba/security/CVE-2008-3789.html - Vendor Advisory~~	() http://samba.org/samba/security/CVE-2008-3789.html - Vendor Advisory
References	~~() http://secunia.com/advisories/31601 - Not Applicable, Third Party Advisory~~	() http://secunia.com/advisories/31601 - Not Applicable, Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2008/08/26/2 - Mailing List, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2008/08/26/2 - Mailing List, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/30837 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/30837 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1020770 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id?1020770 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2008/2440 - Permissions Required, Third Party Advisory~~	() http://www.vupen.com/english/advisories/2008/2440 - Permissions Required, Third Party Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 - Third Party Advisory, VDB Entry

31 Oct 2022, 15:04

Type	Values Removed	Values Added
CPE	cpe:2.3:a:samba:samba:3.2.0:::::::*	cpe:2.3:a:samba:samba::::::::
CWE	~~CWE-264~~	CWE-732
References	~~(BID) http://www.securityfocus.com/bid/30837 -~~	(BID) http://www.securityfocus.com/bid/30837 - Third Party Advisory, VDB Entry
References	~~(SECTRACK) http://www.securitytracker.com/id?1020770 -~~	(SECTRACK) http://www.securitytracker.com/id?1020770 - Broken Link, Third Party Advisory, VDB Entry
References	~~(VUPEN) http://www.vupen.com/english/advisories/2008/2440 -~~	(VUPEN) http://www.vupen.com/english/advisories/2008/2440 - Permissions Required, Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/31601 -~~	(SECUNIA) http://secunia.com/advisories/31601 - Not Applicable, Third Party Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2008/08/26/2 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2008/08/26/2 - Mailing List, Third Party Advisory
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/44678 - Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 -~~	(CONFIRM) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073 - Issue Tracking, Third Party Advisory
References	~~(CONFIRM) http://samba.org/samba/security/CVE-2008-3789.html -~~	(CONFIRM) http://samba.org/samba/security/CVE-2008-3789.html - Vendor Advisory

Information

Published : 2008-08-27 20:41

Updated : 2025-04-09 00:30

NVD link : CVE-2008-3789

Mitre link : CVE-2008-3789

CVE.ORG link : CVE-2008-3789

JSON object : View

Products Affected

samba

samba

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

2.1 /10