No analysis available yet.
Vendor Workaround
Do not enable mkhomedir in pam_winbind.conf on systems where any account (including system accounts) may resolve to a home directory of / or another sensitive system path.
Tracking
Sign in to view the affected projects.
No advisories yet.
Wed, 15 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 15 Jul 2026 13:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation. | |
| Title | Samba-winbind: samba: pam_winbind mkhomedir chowns critical system paths without validation | |
| First Time appeared |
Redhat
Redhat enterprise Linux |
|
| Weaknesses | CWE-732 | |
| CPEs | cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux |
|
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-07-15T13:04:49.311Z
Reserved: 2026-07-14T18:33:36.712Z
Link: CVE-2026-15779
Updated: 2026-07-15T13:04:45.996Z
No data.
No data.
OpenCVE Enrichment
No data.
-
CWE-732
Incorrect Permission Assignment for Critical Resource