CVE-2012-6150
Samba < 4.1.2 - Authentication Bypass via Invalid Group Name Handling
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
References (17)
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=141660010015249&w=2
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2054-1
Exploit, Vendor Advisory mailing-list
x_refsource_mlist
https://lists.samba.org/archive/samba-technical/2012-June/084593.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201502-15.xml
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Exploit, Vendor Advisory mailing-list
x_refsource_mlist
https://lists.samba.org/archive/samba-technical/2013-November/096411.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2013/12/03/5
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0330.html
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.samba.org/show_bug.cgi?id=10300
Third Party Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:299
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1036897
Scores
EPSS
0.0013
EPSS Percentile
31.2%
Details
CWE
CWE-20
Status
published
Products (6)
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
canonical/ubuntu_linux
13.04
canonical/ubuntu_linux
13.10
samba/samba
3.3.10 - 3.4.0
Published
Dec 03, 2013
Tracked Since
Feb 18, 2026