Description Moritz Muehlenhoff 2014-01-02 12:40:08 CET

+++ This bug was initially created as a clone of Bug #33827 +++

+++ This bug was initially created as a clone of Bug #33826 +++

CVE-2012-6150

Quoting from https://www.samba.org/samba/history/samba-4.1.3.html:

   Winbind allows for the further restriction of authenticated PAM logins using
   the require_membership_of parameter. System administrators may specify a list
   of SIDs or groups for which an authenticated user must be a member of. If an
   authenticated user does not belong to any of the entries, then login should
   fail. Invalid group name entries are ignored.

   Samba versions 3.3.10, 3.4.3, 3.5.0 and later incorrectly allow login from
   authenticated users if the require_membership_of parameter specifies only
   invalid group names.

   This is a vulnerability with low impact. All require_membership_of group
   names must be invalid for this bug to be encountered.