First published: Mon Dec 02 2013
It was reported [1] that Samba's pam_winbind module would fail open (allowing access) when the require_membership_of option is used as an argument to pam_winbind and contains a non-existent group as the value. In such a configuration, rather than failing and not permitting authentication, which is what would be expected, pam_winbind will allow authentication to proceed.

For instance, if the following is specified and the user is not a member of the group 'Admin', they will not obtain access to the system:

    auth sufficient pam_winbind.so use_first_pass require_membership_of=Admin

On the other hand, if the non-existent group 'AdminOops' is specified, the user is obviously not a member of said group, yet authentication will be permitted:

    auth sufficient pam_winbind.so use_first_pass require_membership_of=AdminOops

The commit [2] that most likely introduced this flaw indicates that it was introduced in October 2009, and another commit [3] looks like the fix, although that is for another bug [4] that is somewhat related to this issue and somewhat not.

[1] https://lists.samba.org/archive/samba-technical/2012-June/084593.html
[2] http://git.samba.org/?p=samba.git;a=commit;h=31f1a36901b5b8959dc51401c09c114829b50392
[3] http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
[4] https://bugzilla.samba.org/show_bug.cgi?id=8598
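As an added example (not code from the advisory or from Samba), the audit below parses PAM configuration lines for pam_winbind's require_membership_of values and flags any named group that does not resolve, which is exactly the configuration that fails open on affected versions; it also shows the fail-closed membership decision one would expect. The sample PAM lines and the group resolver (KNOWN_GROUPS) are constructed stand-ins; on a real host the resolver would be a getent or wbinfo lookup.

```python
import shlex

# Constructed sample PAM lines, modelled on the two examples in the advisory.
SAMPLE_PAM_LINES = [
    "auth sufficient pam_winbind.so use_first_pass require_membership_of=Admin",
    "auth sufficient pam_winbind.so use_first_pass require_membership_of=AdminOops",
    "auth required pam_unix.so",
]

# Constructed stand-in for group resolution; on a real host replace this with
# a lookup such as `getent group NAME` or `wbinfo --group-info NAME`.
KNOWN_GROUPS = {"Admin", "Domain Users"}


def required_groups(pam_line):
    """Return the group names a pam_winbind line requires via require_membership_of."""
    fields = shlex.split(pam_line.split("#", 1)[0])  # drop trailing comments
    # Locate the module token so bracketed control fields ([success=1 ...]) do not matter.
    module_idx = next((i for i, f in enumerate(fields) if f.endswith("pam_winbind.so")), None)
    if module_idx is None:
        return []
    groups = []
    for arg in fields[module_idx + 1:]:
        if arg.startswith("require_membership_of="):
            value = arg.split("=", 1)[1]
            groups.extend(g.strip() for g in value.split(",") if g.strip())
    return groups


def audit_pam_lines(pam_lines, resolves=lambda g: g in KNOWN_GROUPS):
    """Return (line, group) pairs whose required group does not resolve.

    On affected pam_winbind versions such a line fails open, so every hit is a
    configuration that grants access where the administrator expected a denial."""
    findings = []
    for line in pam_lines:
        for group in required_groups(line):
            if not resolves(group):
                findings.append((line.strip(), group))
    return findings


def access_allowed(user_groups, required, resolves=lambda g: g in KNOWN_GROUPS):
    """Hypothetical fail-closed decision: an unresolvable required group denies access."""
    if not required:
        return True  # no membership requirement configured
    for group in required:
        if not resolves(group):
            return False  # unknown group: deny rather than skip the check
    # pam_winbind semantics: membership in any one listed group suffices.
    return any(group in user_groups for group in required)
```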
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix
---|---|---
Samba Samba | >=3.3.10, <3.4.0 | 
Samba Samba | >=3.4.3, <3.6.22 | 
Samba Samba | >=4.0.0, <4.0.13 | 
Samba Samba | >=4.1.0, <4.1.3 | 
Canonical Ubuntu Linux | =10.04 | 
Canonical Ubuntu Linux | =12.04 | 
Canonical Ubuntu Linux | =12.10 | 
Canonical Ubuntu Linux | =13.04 | 
Canonical Ubuntu Linux | =13.10 | 