Univention Bugzilla – Bug 33828
samba: Multiple issues (3.2)
Last modified: 2015-08-31 15:25:24 CEST
+++ This bug was initially created as a clone of Bug #33827 +++ +++ This bug was initially created as a clone of Bug #33826 +++ CVE-2012-6150 Quoting from https://www.samba.org/samba/history/samba-4.1.3.html: Winbind allows for the further restriction of authenticated PAM logins using the require_membership_of parameter. System administrators may specify a list of SIDs or groups for which an authenticated user must be a member of. If an authenticated user does not belong to any of the entries, then login should fail. Invalid group name entries are ignored. Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from authenticated users if the require_membership_of parameter specifies only invalid group names. This is a vulnerability with low impact. All require_membership_of group names must be invalid for this bug to be encountered.
Information leak in shadow_copy VFS module (CVE-2014-0178)
*** This bug has been marked as a duplicate of bug 35192 ***