CVE-2012-6150

Priority
Medium
Description
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c
in Samba through 4.1.2 handles invalid require_membership_of group names by
accepting authentication by any user, which allows remote authenticated
users to bypass intended access restrictions in opportunistic circumstances
by leveraging an administrator's pam_winbind configuration-file mistake.
Assigned-to
mdeslaur
Package
Upstream: released (4.0.13, 4.1.3)
Ubuntu 10.04 LTS (Lucid Lynx): ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin): needed
Ubuntu 12.10 (Quantal Quetzal): needed
Ubuntu 13.10 (Saucy Salamander): needed
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Patches:
Upstream: http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
Package
Source: samba (LP Ubuntu Debian)
Upstream: released (3.6.22, 4.0.13)
Ubuntu 10.04 LTS (Lucid Lynx): released (2:3.4.7~dfsg-1ubuntu3.13)
Ubuntu 12.04 LTS (Precise Pangolin): released (2:3.6.3-2ubuntu2.9)
Ubuntu 12.10 (Quantal Quetzal): released (2:3.6.6-3ubuntu5.3)
Ubuntu 13.10 (Saucy Salamander): released (2:3.6.18-1ubuntu3.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (2:4.0.13+dfsg-1ubuntu1)
Patches:
Upstream: http://git.samba.org/?p=samba.git;a=commit;h=3b61be8a4b06f929c1bd52c1b8016f9a4fff9be1 (3.6)

Updated: 2014-04-18 13:16:53 UTC (commit 7949)