PT-2013-1045 · Alt Linux Team+7 · Alt Linux+5
Kim Olsen
·
Publicado
2013-12-03
·
Atualizado
2024-06-15
·
CVE-2012-6150
CVSS v2.0
3.6
Baixa
| Vetor | AV:N/AC:H/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Samba versions prior to 4.1.2
Red Hat Enterprise Linux (affected versions not specified)
CentOS (affected versions not specified)
ALT Linux (affected versions not specified)
Description
The issue is related to the handling of invalid group names in the winbind name list to sid string list function, which can allow remote authenticated users to bypass access restrictions. This can lead to a violation of confidentiality, integrity, and availability of protected information. The vulnerability exists due to the acceptance of authentication by any user when there is a mistake in the pam winbind configuration file.
Recommendations
For Samba versions prior to 4.1.2: Update to a version later than 4.1.2 to resolve the issue.
For Red Hat Enterprise Linux: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For CentOS: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
For ALT Linux: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Hp-Ux
Red Hat
Samba
Suse