Unrated severityNVD Advisory· Published Dec 3, 2013· Updated Apr 29, 2026
CVE-2012-6150
CVE-2012-6150
Description
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
Affected products
7cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- bugzilla.samba.org/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- lists.samba.org/archive/samba-technical/2012-June/084593.htmlnvdExploitVendor Advisory
- lists.samba.org/archive/samba-technical/2013-November/096411.htmlnvdExploitVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.htmlnvdMailing ListThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-12/msg00088.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2014-03/msg00063.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- openwall.com/lists/oss-security/2013/12/03/5nvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2014-0330.htmlnvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201502-15.xmlnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.ubuntu.com/usn/USN-2054-1nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.