CVE-2012-6150

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:S/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2013/12/03/5	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0330.html	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201502-15.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:299	Third Party Advisory
http://www.ubuntu.com/usn/USN-2054-1	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1036897	Issue Tracking Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=10300	Issue Tracking Patch Third Party Advisory
https://lists.samba.org/archive/samba-technical/2012-June/084593.html	Exploit Vendor Advisory
https://lists.samba.org/archive/samba-technical/2013-November/096411.html	Exploit Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
http://openwall.com/lists/oss-security/2013/12/03/5	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0330.html	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201502-15.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:299	Third Party Advisory
http://www.ubuntu.com/usn/USN-2054-1	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1036897	Issue Tracking Third Party Advisory
https://bugzilla.samba.org/show_bug.cgi?id=10300	Issue Tracking Patch Third Party Advisory
https://lists.samba.org/archive/samba-technical/2012-June/084593.html	Exploit Vendor Advisory
https://lists.samba.org/archive/samba-technical/2013-November/096411.html	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::
	cpe:2.3:a:samba:samba::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*

History

21 Nov 2024, 01:45

Information

Published : 2013-12-03 19:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-6150

Mitre link : CVE-2012-6150

CVE.ORG link : CVE-2012-6150

JSON object : View

Products Affected

samba

samba

canonical

ubuntu_linux

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2012-6150", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-12-03T19:55:03.560", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2013/12/03/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0330.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201502-15.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-2054-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036897", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=10300", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.samba.org/archive/samba-technical/2012-June/084593.html", "tags": ["Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.samba.org/archive/samba-technical/2013-November/096411.html", "tags": ["Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=141660010015249&w=2", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://openwall.com/lists/oss-security/2013/12/03/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0330.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201502-15.xml", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:299", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2054-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1036897", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.samba.org/show_bug.cgi?id=10300", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.samba.org/archive/samba-technical/2012-June/084593.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.samba.org/archive/samba-technical/2013-November/096411.html", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake."}, {"lang": "es", "value": "La funci\u00f3n winbind_name_list_to_sid_string_list en nsswitch/pam_winbind.c en Samba hasta v4.1.2 maneja nombres de grupo require_membership_of inv\u00e1lidos aceptando autenticaci\u00f3n de cualquier usuario, lo cual permite a usuarios autenticados remotamente sortear restricciones de acceso en circunstancias oportunistas mediante el aprovechamiento de un error en el fichero de configuraci\u00f3n de administraci\u00f3n pam_winbind."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAFA9438-6729-4379-99DF-9B19FD069BEF", "versionEndExcluding": "3.4.0", "versionStartIncluding": "3.3.10"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4F5DCF5-F3E6-4F85-9782-C6C696651342", "versionEndExcluding": "3.6.22", "versionStartIncluding": "3.4.3"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DCF35B4-F2BC-431E-AB98-99E992A7BDE2", "versionEndExcluding": "4.0.13", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B027B5BA-5629-4946-BB14-C05B0DAB11C9", "versionEndExcluding": "4.1.3", "versionStartIncluding": "4.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

3.6 /10