Vulnerability Details CVE-2012-2111
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.4%
CVSS Severity
CVSS v2 Score 6.5
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
- http://marc.info/?l=bugtraq&m=134323086902585&w=2
- http://marc.info/?l=bugtraq&m=134323086902585&w=2
- http://osvdb.org/81648
- http://rhn.redhat.com/errata/RHSA-2012-0533.html
- http://secunia.com/advisories/48976
- http://secunia.com/advisories/48984
- http://secunia.com/advisories/48996
- http://secunia.com/advisories/48999
- http://secunia.com/advisories/49017
- http://secunia.com/advisories/49030
- http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
- http://www.debian.org/security/2012/dsa-2463
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
- http://www.samba.org/samba/security/CVE-2012-2111
- http://www.securitytracker.com/id?1026988
- http://www.ubuntu.com/usn/USN-1434-1
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
- http://marc.info/?l=bugtraq&m=134323086902585&w=2
- http://marc.info/?l=bugtraq&m=134323086902585&w=2
- http://osvdb.org/81648
- http://rhn.redhat.com/errata/RHSA-2012-0533.html
- http://secunia.com/advisories/48976
- http://secunia.com/advisories/48984
- http://secunia.com/advisories/48996
- http://secunia.com/advisories/48999
- http://secunia.com/advisories/49017
- http://secunia.com/advisories/49030
- http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
- http://www.debian.org/security/2012/dsa-2463
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
- http://www.samba.org/samba/security/CVE-2012-2111
- http://www.securitytracker.com/id?1026988
- http://www.ubuntu.com/usn/USN-1434-1
Products affected by CVE-2012-2111
-
cpe:2.3:a:samba:samba:3.4.0
-
cpe:2.3:a:samba:samba:3.4.1
-
cpe:2.3:a:samba:samba:3.4.10
-
cpe:2.3:a:samba:samba:3.4.11
-
cpe:2.3:a:samba:samba:3.4.12
-
cpe:2.3:a:samba:samba:3.4.13
-
cpe:2.3:a:samba:samba:3.4.14
-
cpe:2.3:a:samba:samba:3.4.15
-
cpe:2.3:a:samba:samba:3.4.16
-
cpe:2.3:a:samba:samba:3.4.2
-
cpe:2.3:a:samba:samba:3.4.3
-
cpe:2.3:a:samba:samba:3.4.4
-
cpe:2.3:a:samba:samba:3.4.5
-
cpe:2.3:a:samba:samba:3.4.6
-
cpe:2.3:a:samba:samba:3.4.7
-
cpe:2.3:a:samba:samba:3.4.8
-
cpe:2.3:a:samba:samba:3.4.9
-
cpe:2.3:a:samba:samba:3.5.0
-
cpe:2.3:a:samba:samba:3.5.1
-
cpe:2.3:a:samba:samba:3.5.10
-
cpe:2.3:a:samba:samba:3.5.11
-
cpe:2.3:a:samba:samba:3.5.12
-
cpe:2.3:a:samba:samba:3.5.13
-
cpe:2.3:a:samba:samba:3.5.14
-
cpe:2.3:a:samba:samba:3.5.2
-
cpe:2.3:a:samba:samba:3.5.3
-
cpe:2.3:a:samba:samba:3.5.4
-
cpe:2.3:a:samba:samba:3.5.5
-
cpe:2.3:a:samba:samba:3.5.6
-
cpe:2.3:a:samba:samba:3.5.7
-
cpe:2.3:a:samba:samba:3.5.8
-
cpe:2.3:a:samba:samba:3.5.9
-
cpe:2.3:a:samba:samba:3.6.0
-
cpe:2.3:a:samba:samba:3.6.1
-
cpe:2.3:a:samba:samba:3.6.2
-
cpe:2.3:a:samba:samba:3.6.3
-
cpe:2.3:a:samba:samba:3.6.4