Path Validation Flaw in Samba's pam_winbind Affects Home Directory Ownership
CVE-2026-15779

6.1MEDIUM

What is CVE-2026-15779?

A flaw exists in Samba's pam_winbind module which can lead to improper handling of home directories for user accounts, particularly when mkhomedir is enabled. This issue allows non-root users with specific sudo privileges to inadvertently change the ownership of critical directories, such as '/', impacting system availability. The vulnerability does not escalate privileges but can disrupt essential services like SSH and package management, posing a significant risk to system stability.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Runar Lundgren (Red Hat).
.