CVE-2026-15779 in Sambaالمعلومات

الملخص

بحسب MITRE • 15/07/2026

A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

Redhat

حجز

14/07/2026

إفشاء

15/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-379252

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

القطاع

Energy, Police, ...

المصادر

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!