Vulnerability of Samba pam_winbind: privilege escalation via require_membership_of

Synthesis of the vulnerability

When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can authenticate locally.
Severity of this computer vulnerability: 2/4.
Creation date: 03/12/2013.
References for this announcement: BID-64101, c04396638, CERTA-2013-AVI-658, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2012-6150, FEDORA-2013-23085, FEDORA-2013-23177, HPSBUX03087, MDVSA-2013:299, openSUSE-SU-2013:1742-1, openSUSE-SU-2013:1921-1, openSUSE-SU-2014:0405-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, RHSA-2014:0330-01, RHSA-2014:0383-01, SSRT101413, SUSE-SU-2014:0024-1, VIGILANCE-VUL-13858.

Description of the vulnerability

The pam_winbind module is provided by Samba. It is used to authenticate a user on a domain.

The "require_membership_of" configuration directive requires users to be members of a given group before access is allowed. However, if the named group does not exist, access is allowed instead of being denied.

When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can therefore authenticate locally.
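An added audit check, not part of the Vigil@nce bulletin or of Samba itself: it parses pam.d lines for the require_membership_of option and reports the groups that do not resolve through getent, which is exactly the configuration an unpatched pam_winbind turns into an allow. The sample lines, group names and the injectable resolver are constructed assumptions.

```python
import re
import subprocess
from typing import Callable, Dict, List, Tuple

# Constructed sample pam.d lines (not taken from any real host). The last
# pam_winbind line names a group that is assumed not to exist.
SAMPLE_PAM_LINES = [
    "auth    sufficient  pam_winbind.so  require_membership_of=DOMAIN\\ssh-users,S-1-5-21-1-2-3-513",
    "auth    required    pam_unix.so     nullok_secure",
    "# account  required  pam_winbind.so  require_membership_of=commented-out",
    "account required    pam_winbind.so  require-membership-of=DOMAIN\\admins-typo",
]

# pam_winbind accepts both spellings of the option on the PAM line.
OPTION_RE = re.compile(r"^require[-_]membership[-_]of=(.+)$")


def extract_required_groups(pam_lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (pam line, [groups]) for every active pam_winbind line using the option."""
    found = []
    for line in pam_lines:
        fields = line.split()
        if not fields or fields[0].startswith("#") or "pam_winbind.so" not in fields:
            continue
        for field in fields:
            m = OPTION_RE.match(field)
            if m:
                found.append((line.strip(), [g for g in m.group(1).split(",") if g]))
    return found


def getent_resolves(group: str) -> bool:
    """Default resolver: true when NSS (winbind via getent) knows the group name."""
    return subprocess.run(["getent", "group", group], capture_output=True).returncode == 0


def audit(pam_lines: List[str],
          resolves: Callable[[str], bool] = getent_resolves) -> Dict[str, List[str]]:
    """Flag required groups that do not resolve (the risky case described above).
    Groups given as SIDs are not checkable via getent and are listed separately
    so an administrator can confirm them with wbinfo."""
    report: Dict[str, List[str]] = {"unresolved": [], "unchecked_sids": []}
    for _line, groups in extract_required_groups(pam_lines):
        for group in groups:
            if group.startswith("S-1-"):
                report["unchecked_sids"].append(group)
            elif not resolves(group):
                report["unresolved"].append(group)
    return report
```

On a real host, run `audit(open("/etc/pam.d/sshd").read().splitlines())`; any entry under "unresolved" is a line to correct before relying on the group check.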

This threat alert impacts software or systems such as Fedora, HP-UX, openSUSE, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this computer vulnerability bulletin is medium.

The trust level is: confirmed by the vendor. The attack origin is: a user account.

An attacker with expert skills can exploit this vulnerability.

Solutions for this threat

Samba: version 4.1.3.
The version 4.1.3 is fixed:
  http://download.samba.org/samba/ftp/stable/

Samba: version 4.0.13.
The version 4.0.13 is fixed:
  http://download.samba.org/samba/ftp/stable/

Samba: version 3.6.22.
The version 3.6.22 is fixed:
  http://download.samba.org/samba/ftp/stable/

Samba pam_winbind: patch for require_membership_of.
A patch is available in information sources.

Fedora: new samba packages.
New packages are available:
  samba-4.0.13-1.fc19
  samba-4.1.3-2.fc20

HP-UX: fixed versions for samba.
Fixed versions are indicated in information sources.

Mandriva: new samba packages.
New packages are available:
  samba-3.6.22-1.mbs1

openSUSE 11.4/13.1: new samba packages.
New packages are available:
  openSUSE 13.1: samba 4.2.4-3.54.2, apparmor 2.8.4-4.20.1
  openSUSE 11.4: samba 3.6.3-141.1

openSUSE 12.3: new samba packages.
New packages are available:
  openSUSE 12.3: samba 3.6.12-59.19.1

openSUSE 13.1: new samba packages.
New packages are available:
  samba-4.1.0-3.12.1

RHEL 6.5: new samba4 packages.
New packages are available:
  RHEL 6: samba4 4.0.0-61.el6_5.rc4

RHEL: new samba packages.
New packages are available:
  RHEL 5: samba3x 3.6.6-0.139.el5_10
  RHEL 6: samba 3.6.9-168.el6_5

Solaris 10: patch for Samba.
A patch is available:
  SPARC: 119757-31
  X86: 119758-31

Solaris: version 11.1.16.5.0.
The version 11.1.16.5.0 is fixed:
  https://support.oracle.com/rs?type=doc&id=1627543.1

SUSE LE 11: new samba packages.
New packages are available:
  SUSE LE 11 SP2: samba-3.6.3-0.33.39.1
  SUSE LE 11 SP3: samba-3.6.3-0.46.1