CVE-2012-6150 : The winbind_name_list_to_sid_string_list function in nsswitch/pam

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

Published 2013-12-03 19:55:04

Updated 2022-09-01 16:35:00

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2012-6150

Samba » Samba
Versions from including (>=) 4.0.0 and before (<) 4.0.13
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 4.1.0 and before (<) 4.1.3
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 3.3.10 and before (<) 3.4.0
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Samba » Samba
Versions from including (>=) 3.4.3 and before (<) 3.6.22
cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 13.04
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 13.10
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-6150

EPSS FAQ

0.27%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 44 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-6150

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.6	LOW	AV:N/AC:H/Au:S/C:P/I:P/A:N	3.9	4.9	NIST
Access Vector: Network Access Complexity: High Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-6150

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-6150

http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html

503 Backend fetch failed
Mailing List;Third Party Advisory

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201502-15.xml

Samba: Multiple vulnerabilities (GLSA 201502-15) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1036897

1036897 – (CVE-2012-6150) CVE-2012-6150 samba: pam_winbind fails open when non-existent group specified to require_membership_of
Issue Tracking;Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html

[SECURITY] Fedora 20 Update: samba-4.1.9-3.fc20
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html

openSUSE-SU-2014:0405-1: moderate: samba: security and bugfix update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html

[security-announce] openSUSE-SU-2016:1106-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html

openSUSE-SU-2013:1921-1: moderate: update for samba
Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html

[security-announce] SUSE-SU-2014:0024-1: important: Security update for
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugzilla.samba.org/show_bug.cgi?id=10300

Bug 10300 – fail authentication if user isn't member of *any* require_membership_of specified groups
Issue Tracking;Patch;Third Party Advisory
http://marc.info/?l=bugtraq&m=141660010015249&w=2

'[security bulletin] HPSBUX03087 SSRT101413 rev.2 - HP-UX CIFS Server (Samba), Remote Denial of Servi' - MARC
Mailing List;Third Party Advisory

CVEs referencing this url
http://openwall.com/lists/oss-security/2013/12/03/5

oss-security - Re: CVE request: samba pam_winbind authentication fails open
Mailing List;Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:299

mandriva.com
Third Party Advisory

CVEs referencing this url
https://lists.samba.org/archive/samba-technical/2012-June/084593.html

winbind pam security problem
Exploit;Vendor Advisory
https://lists.samba.org/archive/samba-technical/2013-November/096411.html

fail authentication if user isn't member of *any* require_membership_of specified groups
Exploit;Vendor Advisory
http://www.ubuntu.com/usn/USN-2054-1

USN-2054-1: Samba vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2014-0330.html

RHSA-2014:0330 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html

[security-announce] openSUSE-SU-2016:1107-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2012-6150

Products affected by CVE-2012-6150

Exploit prediction scoring system (EPSS) score for CVE-2012-6150

CVSS scores for CVE-2012-6150

CWE ids for CVE-2012-6150

References for CVE-2012-6150