Samba 3.3.10, 3.4.3, 3.5.0 and later Improper Input Validation Vulnerability (CVE-2012-6150)

Information

Severity: Low
Family: Denial of Service
CVSSv2 Base: 3.6
CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N
Solution Type: Vendor Patch
Created: 1 year ago
Modified: 11 months ago

Summary

Login of authenticated users is not restricted by the pam_winbind require_membership_of parameter if it only specifies invalid group names.

Insight

Winbind can further restrict authenticated PAM logins with the require_membership_of parameter. System administrators may specify a list of SIDs or groups of which an authenticated user must be a member. If an authenticated user does not belong to any of the entries, login should fail. Invalid group name entries are ignored.

Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names. This is a vulnerability with low impact: all require_membership_of group names must be invalid for this bug to be encountered.
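A configuration audit for the condition described above, added here as an example (it is not code from Mageni or Samba): it reads require_membership_of from pam_winbind.conf text and reports whether every entry is an unresolvable name. Assumptions: the file lives at /etc/security/pam_winbind.conf, names are resolved with `wbinfo -n`, entries beginning with S-1- are treated as SIDs, and all function names are hypothetical; restrictions passed as PAM module arguments are not covered.

```python
import configparser
import subprocess

# Constructed sample of a pam_winbind.conf (names are made up).
SAMPLE_CONF = r"""
[global]
; restrict logins to these groups
require_membership_of = EXAMPLE\linux-admins, EXAMPLE\old-team
"""

def wbinfo_resolves(name):
    """Assumed resolver: True if `wbinfo -n NAME` maps the name to a SID."""
    try:
        result = subprocess.run(["wbinfo", "-n", name],
                                capture_output=True, text=True)
    except FileNotFoundError:
        return False  # wbinfo not installed: treat the name as unresolvable
    return result.returncode == 0

def membership_entries(conf_text):
    """Return the require_membership_of entries from pam_winbind.conf text."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    raw = parser.get("global", "require_membership_of", fallback="")
    return [entry.strip() for entry in raw.split(",") if entry.strip()]

def audit(conf_text, resolves=wbinfo_resolves):
    """Classify the restriction as 'unset', 'ok', 'partial' or 'fail-open'."""
    entries = membership_entries(conf_text)
    if not entries:
        return "unset", []
    # SIDs are taken as written; only group names need a lookup.
    invalid = [e for e in entries
               if not e.upper().startswith("S-1-") and not resolves(e)]
    if len(invalid) == len(entries):
        # Only invalid names: on affected versions the restriction is not
        # enforced, so any authenticated user can log in.
        return "fail-open", invalid
    return ("partial" if invalid else "ok"), invalid

if __name__ == "__main__":
    with open("/etc/security/pam_winbind.conf") as handle:
        status, bad = audit(handle.read())
    print(status, bad)
```

A "partial" result does not trigger the bug, but it marks names to correct before the valid entries are ever removed.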

Affected Software

Samba versions 3.3.10, 3.4.3, 3.5.0 and later.

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Update to version 3.6.22, 4.0.13, 4.1.3 or later.

Common Vulnerabilities and Exposures (CVE)