Wind River Support Network

HomeDefectsLIN5-13567
Fixed

LIN5-13567 : Security Advisory - samba - CVE-2012-6150

Created: Dec 17, 2013    Updated: Dec 19, 2017
Resolved Date: Apr 22, 2014
Previous ID: LIN3-17419
Found In Version: 5.0
Fix Version: 5.0.1.14
Severity: Low
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6150

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online