Vigil@nce - Samba pam_winbind: privilege escalation via require_membership_of
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When pam_winbind is configured with require_membership_of
indicating an invalid group, an attacker who has a domain account
can authenticate locally.
– Impacted products: Fedora, Samba
– Severity: 2/4
– Creation date: 03/12/2013
DESCRIPTION OF THE VULNERABILITY
The pam_winbind module is provided by Samba. It is used to
authenticate a user on a domain.
The "require_membership_of" configuration directive requires users
to be member of a group to allow the access. However, if the
indicated group name does not exist, the access is allowed.
When pam_winbind is configured with require_membership_of
indicating an invalid group, an attacker who has a domain account
can therefore authenticate locally.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN