CVE-2026-15779 in Samba정보

요약

\~에 의해 MITRE • 2026. 07. 15.

A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

책임이 있는

Redhat

예약하다

2026. 07. 14.

모더레이션

수락

항목

VDB-379252

EPSS

0.00000

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!