Bugzilla – Bug 853347
VUL-0: CVE-2012-6150: samba: winbind pam security problem
Last modified: 2016-04-20 10:11:42 UTC
Kim Olsen found a problem with the "require-membership-of" argument to pam_winbind.so.
"If the group does not exist in the domain, the fallback behaviour is to bypass the rest of the pam authentication stack and to allow the user in immediately."
CVE-2012-6150 was assigned to this issue.
References:
http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
https://lists.samba.org/archive/samba-technical/2012-June/084593.html
https://bugzilla.samba.org/show_bug.cgi?id=8598
http://git.samba.org/?p=samba.git;a=commit;h=31f1a36901b5b8959dc51401c09c114829b50392
http://comments.gmane.org/gmane.comp.security.oss.general/11588
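A configuration audit for the failure mode described above, added here as an example (not code from the bug report or from Samba): it lists every group name given to pam_winbind.so's membership option that does not resolve in the domain. Assumptions: the underscore spelling `require_membership_of` from pam_winbind(8) is accepted alongside the report's spelling, resolution uses `wbinfo --name-to-sid`, and the PAM lines and `EXAMPLE\...` names are constructed.

```python
import re
import subprocess

# Both spellings: the report's "require-membership-of" and the underscore
# form from pam_winbind(8); the [..] variant lets a PAM argument hold spaces.
OPTION = re.compile(r"\[require[-_]membership[-_]of=([^\]]+)\]"
                    r"|require[-_]membership[-_]of=(\S+)")
SID = re.compile(r"^S-\d+(-\d+)+$")

# Constructed sample PAM lines (not from the bug report).
SAMPLE_PAM = r"""
# /etc/pam.d/sshd (constructed)
auth required pam_winbind.so require-membership-of=EXAMPLE\linux-admins,EXAMPLE\old-admins
account required pam_winbind.so [require_membership_of=EXAMPLE\Domain Users]
auth sufficient pam_winbind.so require_membership_of=S-1-5-21-1-2-3-512
"""

def wbinfo_resolves(name):
    """Default resolver; assumes winbindd is running and wbinfo is installed."""
    try:
        r = subprocess.run(["wbinfo", "--name-to-sid", name],
                           capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return r.returncode == 0

def audit_pam_text(text, resolves=wbinfo_resolves):
    """Return (line number, name) for each membership name that does not resolve."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop PAM comments
        if "pam_winbind.so" not in line:
            continue
        m = OPTION.search(line)
        if not m:
            continue
        value = m.group(1) or m.group(2)
        for entry in (e.strip() for e in value.split(",")):
            if not entry or SID.match(entry):
                continue                      # SID entries are outside this name check
            if not resolves(entry):
                findings.append((lineno, entry))
    return findings

if __name__ == "__main__":
    known = {r"EXAMPLE\linux-admins"}         # stand-in for the domain's groups
    for lineno, name in audit_pam_text(SAMPLE_PAM, lambda n: n in known):
        print(f"line {lineno}: group {name!r} does not resolve")
```

On a host running an unpatched pam_winbind, any name this reports is one the quoted fallback behaviour would apply to.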
The upstream bug is: https://bugzilla.samba.org/show_bug.cgi?id=10300
I unfortunately added the wrong bug ID to Noel's master commit, causing the bso#8598 confusion here.
bugbot adjusting priority
Quoting the Samba bug:
As mentioned, this bug applies to versions 3.3.10, 3.4.3, 3.5.0 and later.
This is an autogenerated message for OBS integration: This bug (853347) was mentioned in https://build.opensuse.org/request/show/210027 Factory / samba
This is an autogenerated message for OBS integration: This bug (853347) was mentioned in https://build.opensuse.org/request/show/210422 13.1 / samba https://build.opensuse.org/request/show/210423 12.3 / samba
This is an autogenerated message for OBS integration: This bug (853347) was mentioned in https://build.opensuse.org/request/show/210424 12.2 / samba
openSUSE-SU-2013:1921-1: An update that solves four vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 844720,848101,848103,853021,853347
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4475,CVE-2013-4476
Sources used:
openSUSE 13.1 (src): samba-4.1.3-3.12.1
done
Update released for: cifs-mount, ldapsmb, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtdb-devel, libtdb1, libtdb1-32bit, libwbclient-devel, libwbclient0, libwbclient0-32bit, samba, samba-32bit, samba-client, samba-client-32bit, samba-debuginfo, samba-debuginfo-32bit, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: cifs-mount, ldapsmb, libldb-devel, libldb1, libldb1-32bit, libldb1-x86, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtalloc2, libtalloc2-32bit, libtalloc2-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libtevent-devel, libtevent0, libtevent0-32bit, libtevent0-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0024-1: An update that solves three vulnerabilities and has 5 fixes is now available.
Category: security (important)
Bug References: 817880,838472,844720,848101,849226,853021,853347,854520
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4475
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): samba-3.6.3-0.46.1
SUSE Linux Enterprise Software Development Kit 11 SP2 (src): samba-3.6.3-0.33.39.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): samba-3.6.3-0.46.1, samba-doc-3.6.3-0.46.1
SUSE Linux Enterprise Server 11 SP3 (src): samba-3.6.3-0.46.1, samba-doc-3.6.3-0.46.1
SUSE Linux Enterprise Server 11 SP2 for VMware (src): samba-3.4.3-1.50.1, samba-3.6.3-0.33.39.1, samba-doc-3.6.3-0.33.39.1
SUSE Linux Enterprise Server 11 SP2 (src): samba-3.4.3-1.50.1, samba-3.6.3-0.33.39.1, samba-doc-3.6.3-0.33.39.1
SUSE Linux Enterprise Desktop 11 SP3 (src): samba-3.6.3-0.46.1, samba-doc-3.6.3-0.46.1
SUSE Linux Enterprise Desktop 11 SP2 (src): samba-3.4.3-1.50.1, samba-3.6.3-0.33.39.1, samba-doc-3.6.3-0.33.39.1
This is an autogenerated message for OBS integration: This bug (853347) was mentioned in https://build.opensuse.org/request/show/225656 12.3 / samba
This is an autogenerated message for OBS integration: This bug (853347) was mentioned in https://build.opensuse.org/request/show/225704 12.3 / samba
openSUSE-SU-2014:0405-1: An update that solves three vulnerabilities and has 9 fixes is now available.
Category: security (moderate)
Bug References: 437293,741623,755663,786677,844307,844720,849224,853021,853347,854520,863748,865561
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496
Sources used:
openSUSE 12.3 (src): samba-3.6.12-59.19.1, samba-doc-3.6.12-59.19.1
Update released for: ifolder3-enterprise, novell-afptcpd, novell-afptcpd-interfaces, novell-afptcpd-interfaces-32bit, novell-cifs, novell-cifs-interfaces, novell-cifs-interfaces-32bit, novell-iprint-iprntman, novell-migration-gui-base, novell-nrm, novell-oes-pure-ftpd, novell-oes-samba, novell-oes-samba-32bit, novell-oes-samba-cifs-mount, novell-oes-samba-client, novell-oes-samba-client-32bit, novell-oes-samba-krb-printing, novell-oes-samba-ldapsmb, novell-oes-samba-libldb1, novell-oes-samba-libnetapi0, novell-oes-samba-libsmbclient0, novell-oes-samba-libsmbclient0-32bit, novell-oes-samba-libsmbsharemodes0, novell-oes-samba-libtalloc1, novell-oes-samba-libtalloc1-32bit, novell-oes-samba-libtalloc2, novell-oes-samba-libtalloc2-32bit, novell-oes-samba-libtdb1, novell-oes-samba-libtdb1-32bit, novell-oes-samba-libtevent0, novell-oes-samba-libtevent0-32bit, novell-oes-samba-libwbclient0, novell-oes-samba-libwbclient0-32bit, novell-oes-samba-winbind, novell-oes-samba-winbind-32bit, novell-vigil-vlog, novell-xad-framework Products: Open-Enterprise-Server 11-SP2 (x86_64)
Update released for: cifs-mount, ldapsmb, libnetapi-devel, libnetapi0, libsmbclient-devel, libsmbclient0, libsmbclient0-32bit, libsmbclient0-x86, libsmbsharemodes-devel, libsmbsharemodes0, libtalloc-devel, libtalloc1, libtalloc1-32bit, libtalloc1-x86, libtdb-devel, libtdb1, libtdb1-32bit, libtdb1-x86, libwbclient-devel, libwbclient0, libwbclient0-32bit, libwbclient0-x86, samba, samba-32bit, samba-client, samba-client-32bit, samba-client-x86, samba-debuginfo, samba-debuginfo-32bit, samba-debuginfo-x86, samba-debugsource, samba-devel, samba-doc, samba-krb-printing, samba-vscan, samba-winbind, samba-winbind-32bit, samba-winbind-x86, samba-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, s390x, x86_64) SLE-SERVER 11-SP1-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0723-1: An update that solves 6 vulnerabilities and has two fixes is now available.
Category: security (moderate)
Bug References: 783384,799641,800982,829969,844720,849224,853021,853347
CVE References: CVE-2012-6150,CVE-2013-0213,CVE-2013-0214,CVE-2013-4124,CVE-2013-4408,CVE-2013-4496
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src): samba-3.4.3-1.52.3, samba-doc-3.4.3-1.52.3
openSUSE-SU-2016:1106-1: An update that fixes 17 vulnerabilities is now available.
Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE 13.1 (src): samba-4.2.4-3.54.2
openSUSE-SU-2016:1107-1: An update that fixes 17 vulnerabilities is now available.
Category: security (important)
Bug References: 844720,849224,853347,917376,936862,958582,958583,958584,958586,968222,971965,973031,973032,973033,973034,973035,973036
CVE References: CVE-2012-6150,CVE-2013-4408,CVE-2013-4496,CVE-2015-0240,CVE-2015-5252,CVE-2015-5296,CVE-2015-5299,CVE-2015-5330,CVE-2015-5370,CVE-2015-7560,CVE-2016-2110,CVE-2016-2111,CVE-2016-2112,CVE-2016-2113,CVE-2016-2114,CVE-2016-2115,CVE-2016-2118
Sources used:
openSUSE Evergreen 11.4 (src): samba-3.6.3-141.1, samba-doc-3.6.3-141.1