331 matches found
samba: pam_winbind fails open when non-existent group specified to require_membership_of
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
SuSE 11.2 / 11.3 Security Update : Samba (SAT Patch Numbers 8655 / 8656)
This update fixes the following security issues with samba: - DCERPC fraglen not checked. CVE-2013-4408. bnc844720 - winbind pam security problem. CVE-2012-6150. bnc853347 - No access check verification on stream files. CVE-2013-4475. And fixes the following non-security issues: bnc848101 -...
Fedora 20 : samba-4.1.3-2.fc20 (2013-23177)
Fix NULL pointer dereference in winbind debug message. Update to version 4.1.3 which fixes two security bugs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...
Ubuntu Update for samba USN-2054-1
Check for the Version of samba OpenVAS Vulnerability Test $Id: gbubuntuUSN20541.nasl 8672 2018-02-05 16:39:18Z teissa $ Ubuntu Update for samba USN-2054-1 Authors: System Generated Check Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
Ubuntu: Security Advisory (USN-2054-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 / 13.10 : samba vulnerabilities (USN-2054-1)
It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. (CVE-2012-6150) Stefan Metzmacher and Michael Adam discovered that Samba...
USN-2054-1: Samba vulnerabilities
It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. (CVE-2012-6150) Stefan Metzmacher and Michael Adam discovered that Samba...
pam_winbind login without require_membership_of restrictions
Description: Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups of which an authenticated user must be a member. If an authenticated user does not belong to any of the entrie...
DEBIAN-CVE-2012-6150
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
CVE-2012-6150
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
CVE-2012-6150
Samba (through 4.1.2) contains a flaw in winbind_name_list_to_sid_string_list that can let an authenticated user bypass access restrictions when require_membership_of group names are invalid in PAM winbind configurations. This stems from how the PAM module handles non-existent groups,...
CVE-2012-6150
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
UBUNTU-CVE-2012-6150
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
CVE-2012-6150
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
IT-Grundschutz M4.333: Secure Configuration of Winbind under Samba
IT-Grundschutz M4.333: Secure Configuration of Winbind under Samba WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now permanently adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94240 Status: 13th supplementary delivery (13. EL)...
IT-Grundschutz M4.333: Secure Configuration of Winbind under Samba
IT-Grundschutz M4.333: Secure Configuration of Winbind under Samba WARNING: This test is no longer supported. It has been replaced by the corresponding test, which is now permanently adapted to the current EL: OID 1.3.6.1.4.1.25623.1.0.94240 Status: 13th supplementary delivery (13. EL). OpenVA...
CentOS Update for samba4 CESA-2013:0506 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS Update for squid CESA-2013:0505 centos6
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CentOS 6 : samba4 (CESA-2013:0506)
Updated samba4 packages that fix one security issue, multiple bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...
Scientific Linux Security Update : samba4 on SL6.x i386/x86_64 (20130221)
A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler not sufficiently protecting against buffer overflows. (CVE-2012-1182) The samba4 packages have been upgraded to upstream...