CVE-2012-6150

Publication date 3 December 2013

Last updated 24 July 2024

Ubuntu priority

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
samba	17.04 zesty	Fixed 2:4.0.13+dfsg-1ubuntu1
	16.10 yakkety	Fixed 2:4.0.13+dfsg-1ubuntu1
	16.04 LTS xenial	Fixed 2:4.0.13+dfsg-1ubuntu1
	15.10 wily	Fixed 2:4.0.13+dfsg-1ubuntu1
	15.04 vivid	Fixed 2:4.0.13+dfsg-1ubuntu1
	14.10 utopic	Fixed 2:4.0.13+dfsg-1ubuntu1
	14.04 LTS trusty	Fixed 2:4.0.13+dfsg-1ubuntu1
	13.10 saucy	Fixed 2:3.6.18-1ubuntu3.1
	13.04 raring	Fixed 2:3.6.9-1ubuntu1.2
	12.10 quantal	Fixed 2:3.6.6-3ubuntu5.3
	12.04 LTS precise	Fixed 2:3.6.3-2ubuntu2.9
	10.04 LTS lucid	Fixed 2:3.4.7~dfsg-1ubuntu3.13
samba4	17.04 zesty	Not in release
	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	15.04 vivid	Not in release
	14.10 utopic	Not in release
	14.04 LTS trusty	Not in release
	13.10 saucy	Ignored
	13.04 raring	Ignored
	12.10 quantal	Ignored
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
samba	Upstream: http://git.samba.org/?p=samba.git;a=commit;h=3b61be8a4b06f929c1bd52c1b8016f9a4fff9be1
samba4	Upstream: http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243

References

Related Ubuntu Security Notices (USN)

USN-2054-1
Samba vulnerabilities
11 December 2013

CVE-2012-6150

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references