CVE-2012-6150
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2012-6150
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-6150.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2012-6150
- Downstream
- Related
- Published
- 2013-12-03T19:55:03Z
- Modified
- 2025-08-09T19:01:28Z
- Summary
- [none]
- Details
-
The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pamwinbind configuration-file mistake.
- References
-
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
- http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html
- http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html
- http://marc.info/?l=bugtraq&m=141660010015249&w=2
- http://openwall.com/lists/oss-security/2013/12/03/5
- http://rhn.redhat.com/errata/RHSA-2014-0330.html
- http://security.gentoo.org/glsa/glsa-201502-15.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:299
- http://www.ubuntu.com/usn/USN-2054-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1036897
- https://bugzilla.samba.org/show_bug.cgi?id=10300
- https://lists.samba.org/archive/samba-technical/2012-June/084593.html
- https://lists.samba.org/archive/samba-technical/2013-November/096411.html