ID de Prueba:	1.3.6.1.4.1.25623.1.0.150741
Categoría:	Denial of Service
Título:	Samba 3.3.10, 3.4.3, 3.5.0 and later Improper Input Validation Vulnerability (CVE-2012-6150)
Resumen:	Login of authenticated users is not restricted by the pam_winbind; require_membership_of parameter if it only specifies invalid group names.
Descripción:	Summary: Login of authenticated users is not restricted by the pam_winbind require_membership_of parameter if it only specifies invalid group names. Vulnerability Insight: Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups for which an authenticated user must be a member of. If an authenticated user does not belong to any of the entries, then login should fail. Invalid group name entries are ignored. Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names. This is a vulnerability with low impact. All require_membership_of group names must be invalid for this bug to be encountered. Affected Software/OS: Samba versions 3.3.10, 3.4.3, 3.5.0 and later. Solution: Update to version 3.6.22, 4.0.13, and 4.1.3 or later. CVSS Score: 3.6 CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6150 FEDORA-2014-7672 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html FEDORA-2014-9132 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html GLSA-201502-15 http://security.gentoo.org/glsa/glsa-201502-15.xml HPSBUX03087 http://marc.info/?l=bugtraq&m=141660010015249&w=2 MDVSA-2013:299 http://www.mandriva.com/security/advisories?name=MDVSA-2013:299 RHSA-2014:0330 http://rhn.redhat.com/errata/RHSA-2014-0330.html SSRT101413 SUSE-SU-2014:0024 http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html USN-2054-1 http://www.ubuntu.com/usn/USN-2054-1 [oss-security] 20131202 Re: CVE request: samba pam_winbind authentication fails open http://openwall.com/lists/oss-security/2013/12/03/5 [samba-technical] 20120612 winbind pam security problem https://lists.samba.org/archive/samba-technical/2012-June/084593.html [samba-technical] 20131128 fail authentication if user isn't member of *any* require_membership_of specified groups https://lists.samba.org/archive/samba-technical/2013-November/096411.html https://bugzilla.redhat.com/show_bug.cgi?id=1036897 https://bugzilla.samba.org/show_bug.cgi?id=10300 openSUSE-SU-2013:1921 http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html openSUSE-SU-2014:0405 http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html openSUSE-SU-2016:1106 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html openSUSE-SU-2016:1107 http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.