Back to search
CVE-2012-2111
Published: Apr 30, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-1434-1
vendor-advisory
x_refsource_UBUNTU
81648
vdb-entry
x_refsource_OSVDB
SUSE-SU-2012:0591
vendor-advisory
x_refsource_SUSE
MDVSA-2012:067
vendor-advisory
x_refsource_MANDRIVA
48996
third-party-advisory
x_refsource_SECUNIA
FEDORA-2012-6981
vendor-advisory
x_refsource_FEDORA
49017
third-party-advisory
x_refsource_SECUNIA
1026988
vdb-entry
x_refsource_SECTRACK
HPSBUX02789
vendor-advisory
x_refsource_HP
http://www.samba.org/samba/security/CVE-2012-2111
x_refsource_CONFIRM
48976
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2012:0583
vendor-advisory
x_refsource_SUSE
FEDORA-2012-6999
vendor-advisory
x_refsource_FEDORA
49030
third-party-advisory
x_refsource_SECUNIA
FEDORA-2012-7006
vendor-advisory
x_refsource_FEDORA
48984
third-party-advisory
x_refsource_SECUNIA
48999
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2012:0573
vendor-advisory
x_refsource_SUSE
DSA-2463
vendor-advisory
x_refsource_DEBIAN
SSRT100824
vendor-advisory
x_refsource_HP
RHSA-2012:0533
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now