Bug 33828

Summary: samba: Multiple issues (3.2)
Product: UCS Reporter: Moritz Muehlenhoff <jmm>
Component: Security updatesAssignee: Moritz Muehlenhoff <jmm>
Status: CLOSED DUPLICATE QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P3 CC: requate, walkenhorst
Version: UCS 3.0   
Target Milestone: UCS 3.2-x-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Moritz Muehlenhoff univentionstaff 2014-01-02 12:40:08 CET 
+++ This bug was initially created as a clone of Bug #33827 +++

+++ This bug was initially created as a clone of Bug #33826 +++

CVE-2012-6150

Quoting from https://www.samba.org/samba/history/samba-4.1.3.html:

   Winbind allows for the further restriction of authenticated PAM logins using
   the require_membership_of parameter. System administrators may specify a list
   of SIDs or groups for which an authenticated user must be a member of. If an
   authenticated user does not belong to any of the entries, then login should
   fail. Invalid group name entries are ignored.

   Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from
   authenticated users if the require_membership_of parameter specifies only
   invalid group names.

   This is a vulnerability with low impact. All require_membership_of group
   names must be invalid for this bug to be encountered.
Comment 1 Moritz Muehlenhoff univentionstaff 2014-05-30 10:55:42 CEST 
Information leak in shadow_copy VFS module (CVE-2014-0178)
Comment 2 Moritz Muehlenhoff univentionstaff 2014-06-27 09:32:10 CEST 

*** This bug has been marked as a duplicate of bug 35192 ***