VYPR
Unrated severityNVD Advisory· Published Dec 3, 2013· Updated Jun 16, 2026

CVE-2012-6150

CVE-2012-6150

Description

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

8
  • cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*range: >=3.3.10,<3.4.0
    • (no CPE)range: <=4.1.2
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.