CVE-2012-6150
CVE-2012-6150
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlhttp://lists.opensuse.org/opensuse-updates/2013-12/msg00088.htmlhttp://lists.opensuse.org/opensuse-updates/2014-03/msg00063.htmlhttp://marc.info/?l=bugtraq&m=141660010015249&w=2http://openwall.com/lists/oss-security/2013/12/03/5http://rhn.redhat.com/errata/RHSA-2014-0330.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1036897https://bugzilla.samba.org/show_bug.cgi?id=10300