|The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.|
Samba pam_winbind: privilege escalation via require_membership_of
Synthesis of the vulnerability
When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can authenticate locally.
Impacted software: Fedora, HP-UX, openSUSE, Solaris, RHEL, Samba, SUSE Linux Enterprise Desktop, SLES.
Severity of this computer vulnerability: 2/4.
Consequences of a hack: privileged access/rights, user access/rights.
Attacker's origin: user account.
Creation date: 03/12/2013.
Références of this announce: BID-64101, c04396638, CERTA-2013-AVI-658, CERTFR-2014-AVI-112, CERTFR-2014-AVI-244, CVE-2012-6150, FEDORA-2013-23085, FEDORA-2013-23177, HPSBUX03087, MDVSA-2013:299, openSUSE-SU-2013:1742-1, openSUSE-SU-2013:1921-1, openSUSE-SU-2014:0405-1, openSUSE-SU-2016:1106-1, openSUSE-SU-2016:1107-1, openSUSE-SU-2016:1108-1, RHSA-2014:0330-01, RHSA-2014:0383-01, SSRT101413, SUSE-SU-2014:0024-1, VIGILANCE-VUL-13858.
Description of the vulnerability
The pam_winbind module is provided by Samba. It is used to authenticate a user on a domain.
The "require_membership_of" configuration directive requires users to be member of a group to allow the access. However, if the indicated group name does not exist, the access is allowed.
When pam_winbind is configured with require_membership_of indicating an invalid group, an attacker who has a domain account can therefore authenticate locally.
Full Vigil@nce bulletin... (Free trial)
Computer vulnerabilities tracking service
Vigil@nce provides a software vulnerability alert. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system. The Vigil@nce vulnerability database contains several thousand vulnerabilities.