Samba pam_winbind Home Directory Ownership Vulnerability Allowing Denial-of-Service

Vulnerability

A vulnerability exists in Samba's pam_winbind module, specifically in versions 4.19.x and 4.23.x, when the mkhomedir option is enabled. The module improperly changes the ownership of user home directories without checking if the path is a critical system directory, such as the root directory (/). This flaw can be exploited by non-root users with limited sudo privileges to alter the ownership of the root directory, leading to significant disruptions in system operations that rely on proper file ownership, such as SSH, sudo, and package management. While the ownership change does not allow writing to the root directory due to its default permissions, the incident still causes considerable operational issues.

Impact

Exploitation of this vulnerability disrupts normal system operations by breaking ownership rules, which can cause failures in SSH, sudo, and package management functions. However, it does not lead to unauthorized privilege escalation.

Reproduction

To reproduce this vulnerability, enable the mkhomedir option in the pam_winbind configuration file. Then, initiate a PAM session for a system account that has its home directory set to the root directory (/). This can be done by using a non-root user with specific sudo privileges to switch to the affected account. Once the PAM session is active, the ownership of the root directory will be changed to that account, demonstrating the vulnerability.

Remediation

Users can disable the mkhomedir option in the pam_winbind.conf file to prevent this vulnerability. For systems already affected, restoring the original ownership of the root directory will require manual intervention.

Added: Jul 15, 2026, 1:23 PM
Updated: Jul 15, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
5.0
exploitability
3.9
remediation
0.0
relevance
9.8
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.