Dec 03, 2013 - 7:55 p.m.

CVE-2012-6150

2013-12-03 19:55:00
CWE-20
web.nvd.nist.gov
samba
4.1.2
winbind
authentication bypass
remote
vulnerability
nvd

AI Score: 8.9 High (Confidence: High)

CVSS2: 3.6 Low (AV:N/AC:H/Au:S/C:P/I:P/A:N)

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.001 Low (Percentile: 47.6%)

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator’s pam_winbind configuration-file mistake.
