CVE-2012-6150

Published Dec 3, 2013

Last updated 2 years ago

CVSS info 3.6

Overview

Description: The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAFA9438-6729-4379-99DF-9B19FD069BEF",
            "versionEndExcluding": "3.4.0",
            "versionStartIncluding": "3.3.10"
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4F5DCF5-F3E6-4F85-9782-C6C696651342",
            "versionEndExcluding": "3.6.22",
            "versionStartIncluding": "3.4.3"
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DCF35B4-F2BC-431E-AB98-99E992A7BDE2",
            "versionEndExcluding": "4.0.13",
            "versionStartIncluding": "4.0.0"
          },
          {
            "criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B027B5BA-5629-4946-BB14-C05B0DAB11C9",
            "versionEndExcluding": "4.1.3",
            "versionStartIncluding": "4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References