製品・ソフトウェアに関する情報

JVN脆弱性詳細

Samba の nsswitch/pam_winbind.c の winbind_name_list_to_sid_string_list 関数におけるアクセス制限を回避される脆弱性

Title	Samba の nsswitch/pam_winbind.c の winbind_name_list_to_sid_string_list 関数におけるアクセス制限を回避される脆弱性
Summary	Samba の nsswitch/pam_winbind.c 内の winbind_name_list_to_sid_string_list 関数は、すべてのユーザによる認証を受け入れることで無効な require_membership_of グループ名を処理するため、アクセス制限を回避される脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、管理者の pam_winbind 設定ファイルの間違いを利用されることで、アクセス制限を回避される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 12, 2012, midnight
Registration Date	Dec. 4, 2013, 3:03 p.m.
Last Update	March 5, 2014, 5:22 p.m.

CVSS2.0 : 注意
Score	3.6
Vector	AV:N/AC:H/Au:S/C:P/I:P/A:N

Affected System

Samba Project

Samba 4.1.2 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-6150	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6150
National Vulnerability Database (NVD)
2	CVE-2012-6150	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6150
SECURITY BLOG
3	CVE-2012-6150 Input Validation vulnerability in Samba	https://blogs.oracle.com/sunsecurity/entry/cve_2012_6150_input_validation

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Red Hat Bugzilla
1	Bug 1036897	https://bugzilla.redhat.com/show_bug.cgi?id=1036897
samba-technical mailing list
2	winbind pam security problem	https://lists.samba.org/archive/samba-technical/2012-June/084593.html
The Samba-Bugzilla
3	Bug 10300	https://bugzilla.samba.org/show_bug.cgi?id=10300

Change Log

No	Changed Details	Date of change
0	[2013年12月04日] 掲載 [2014年03月05日] ベンダ情報：オラクル (CVE-2012-6150 Input Validation vulnerability in Samba) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-6150

Summary	The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
Publication Date	Dec. 4, 2013, 4:55 a.m.
Registration Date	Jan. 28, 2021, 3:07 p.m.
Last Update	Nov. 21, 2024, 10:45 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:samba:samba::::::::	4.1.0			4.1.3
cpe:2.3:a:samba:samba::::::::	4.0.0			4.0.13
cpe:2.3:a:samba:samba::::::::	3.4.3			3.6.22
cpe:2.3:a:samba:samba::::::::	3.3.10			3.4.0

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	Mailing List Third Party Advisory
2	http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html	Mailing List Third Party Advisory
3	http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html	Mailing List Third Party Advisory
4	http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134717.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00002.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-updates/2013-12/msg00088.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-updates/2014-03/msg00063.html	Mailing List Third Party Advisory
15	http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
16	http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
17	http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
18	http://marc.info/?l=bugtraq&m=141660010015249&w=2	Mailing List Third Party Advisory
19	http://openwall.com/lists/oss-security/2013/12/03/5	Mailing List Third Party Advisory
20	http://openwall.com/lists/oss-security/2013/12/03/5	Mailing List Third Party Advisory
21	http://rhn.redhat.com/errata/RHSA-2014-0330.html	Third Party Advisory
22	http://rhn.redhat.com/errata/RHSA-2014-0330.html	Third Party Advisory
23	http://security.gentoo.org/glsa/glsa-201502-15.xml	Third Party Advisory
24	http://security.gentoo.org/glsa/glsa-201502-15.xml	Third Party Advisory
25	http://www.mandriva.com/security/advisories?name=MDVSA-2013:299	Third Party Advisory
26	http://www.mandriva.com/security/advisories?name=MDVSA-2013:299	Third Party Advisory
27	http://www.ubuntu.com/usn/USN-2054-1	Third Party Advisory
28	http://www.ubuntu.com/usn/USN-2054-1	Third Party Advisory
29	https://bugzilla.redhat.com/show_bug.cgi?id=1036897	Issue Tracking Third Party Advisory
30	https://bugzilla.redhat.com/show_bug.cgi?id=1036897	Issue Tracking Third Party Advisory
31	https://bugzilla.samba.org/show_bug.cgi?id=10300	Issue Tracking Patch Third Party Advisory
32	https://bugzilla.samba.org/show_bug.cgi?id=10300	Issue Tracking Patch Third Party Advisory
33	https://lists.samba.org/archive/samba-technical/2012-June/084593.html	Exploit Vendor Advisory
34	https://lists.samba.org/archive/samba-technical/2012-June/084593.html	Exploit Vendor Advisory
35	https://lists.samba.org/archive/samba-technical/2013-November/096411.html	Exploit Vendor Advisory
36	https://lists.samba.org/archive/samba-technical/2013-November/096411.html	Exploit Vendor Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html