Rapid7 Vulnerability & Exploit Database

HP-UX: CVE-2012-6150: CIFS Server (Samba), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access


Severity: 4
CVSS: (AV:N/AC:H/Au:S/C:P/I:P/A:N)
Published: 12/03/2013
Created: 07/25/2018
Added: 08/11/2017
Modified: 09/12/2017

Description

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.
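A configuration audit for the mistake described above, as an added example (not code from Rapid7, Samba or HP): it reads the require_membership_of value from pam_winbind configuration text and reports every group name that winbind cannot map to a SID. Assumptions: the text is the ini-style pam_winbind.conf with a [global] section, the wbinfo utility is available for the default resolver, and the sample names and SID are constructed.

```python
import configparser
import re
import subprocess

# Literal SIDs need no name lookup; anything else must resolve through winbind.
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$", re.IGNORECASE)

# Constructed sample: "Domain Admnis" is a deliberate typo in a group name.
SAMPLE_CONF = """\
[global]
# restrict logins to these groups
require_membership_of = EXAMPLE\\Domain Admnis, S-1-5-21-1111-2222-3333-512
"""


def wbinfo_resolver(name):
    """Return True if `wbinfo --name-to-sid` maps the name to a SID."""
    try:
        result = subprocess.run(["wbinfo", "--name-to-sid", name],
                                capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return False  # treat "cannot ask winbind" as unresolved
    return result.returncode == 0


def audit_require_membership_of(conf_text, resolver=wbinfo_resolver):
    """List require_membership_of entries and those that do not resolve."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    value = parser.get("global", "require_membership_of", fallback="")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    unresolved = [e for e in entries
                  if not SID_RE.match(e) and not resolver(e)]
    return {"entries": entries, "unresolved": unresolved}


if __name__ == "__main__":
    report = audit_require_membership_of(SAMPLE_CONF)
    for name in report["unresolved"]:
        print("unresolvable require_membership_of entry:", name)
```

require_membership_of can also be passed as a pam_winbind module argument in the PAM stack; this check covers only the configuration-file text it is given.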

Solution(s)

  • hpux-update-cifs-cfsm-cfsm-krn
  • hpux-update-cifs-cfsm-cfsm-run
  • hpux-update-cifs-development-cifs-prg
  • hpux-update-cifs-server-cifs-admin
  • hpux-update-cifs-server-cifs-doc
  • hpux-update-cifs-server-cifs-lib
  • hpux-update-cifs-server-cifs-run
  • hpux-update-cifs-server-cifs-util
