CVE-2012-6150
Published: 3 December 2013
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
Priority
Status
Package | Release | Status |
---|---|---|
samba (Launchpad, Ubuntu, Debian) | lucid | Released (2:3.4.7~dfsg-1ubuntu3.13) |
samba | precise | Released (2:3.6.3-2ubuntu2.9) |
samba | quantal | Released (2:3.6.6-3ubuntu5.3) |
samba | raring | Released (2:3.6.9-1ubuntu1.2) |
samba | saucy | Released (2:3.6.18-1ubuntu3.1) |
samba | trusty | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | upstream | Released (3.6.22,4.0.13) |
samba | utopic | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | vivid | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | wily | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | xenial | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | yakkety | Released (2:4.0.13+dfsg-1ubuntu1) |
samba | zesty | Released (2:4.0.13+dfsg-1ubuntu1) |
samba4 (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
samba4 | precise | Ignored (end of life) |
samba4 | quantal | Ignored (end of life) |
samba4 | raring | Ignored (end of life) |
samba4 | saucy | Ignored (end of life) |
samba4 | trusty | Does not exist |
samba4 | upstream | Released (4.0.13,4.1.3) |
samba4 | utopic | Does not exist |
samba4 | vivid | Does not exist |
samba4 | wily | Does not exist |
samba4 | xenial | Does not exist |
samba4 | yakkety | Does not exist |
samba4 | zesty | Does not exist |

Patches (samba): upstream: http://git.samba.org/?p=samba.git;a=commit;h=3b61be8a4b06f929c1bd52c1b8016f9a4fff9be1 (3.6)
Patches (samba4): upstream: http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
- https://lists.samba.org/archive/samba-technical/2013-November/096411.html
- https://lists.samba.org/archive/samba-technical/2012-June/084593.html
- http://openwall.com/lists/oss-security/2013/12/03/5
- http://www.samba.org/samba/security/CVE-2012-6150
- https://ubuntu.com/security/notices/USN-2054-1
- NVD
- Launchpad
- Debian