CVE Vulnerabilities

CVE-2012-2111

Published: Apr 30, 2012 | Modified: Jan 05, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the take ownership privilege via an LSA connection.

Affected Software

Name Vendor Start Version End Version
Samba Samba 3.4.2 3.4.2
Samba Samba 3.4.11 3.4.11
Samba Samba 3.4.0 3.4.0
Samba Samba 3.4.7 3.4.7
Samba Samba 3.4.8 3.4.8
Samba Samba 3.4.5 3.4.5
Samba Samba 3.4.6 3.4.6
Samba Samba 3.4.16 3.4.16
Samba Samba 3.4.1 3.4.1
Samba Samba 3.4.12 3.4.12
Samba Samba 3.4.13 3.4.13
Samba Samba 3.4.10 3.4.10
Samba Samba 3.4.4 3.4.4
Samba Samba 3.4.3 3.4.3
Samba Samba 3.4.14 3.4.14
Samba Samba 3.4.9 3.4.9
Samba Samba 3.4.15 3.4.15

References