DEBIAN-CVE-2012-6150

DEBIAN-CVE-2012-6150 PUBLISHED

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake.

Affected Products

Vendor	Product	Versions
Debian:13	samba	0, 0, 0
Debian:14	samba	0, 0, 0
Debian:12	samba	0, 0, 0
Debian:11	samba	0, 0, 0

Timeline

Dec 3, 2013 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2012-6150 advisory

Open in Interactive Console →