CVE-2012-2111

EUVD-2012-2114
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
sambasamba
3.4.0
sambasamba
3.4.1
sambasamba
3.4.2
sambasamba
3.4.3
sambasamba
3.4.4
sambasamba
3.4.5
sambasamba
3.4.6
sambasamba
3.4.7
sambasamba
3.4.8
sambasamba
3.4.9
sambasamba
3.4.10
sambasamba
3.4.11
sambasamba
3.4.12
sambasamba
3.4.13
sambasamba
3.4.14
sambasamba
3.4.15
sambasamba
3.4.16
sambasamba
3.5.0
sambasamba
3.5.1
sambasamba
3.5.2
sambasamba
3.5.3
sambasamba
3.5.4
sambasamba
3.5.5
sambasamba
3.5.6
sambasamba
3.5.7
sambasamba
3.5.8
sambasamba
3.5.9
sambasamba
3.5.10
sambasamba
3.5.11
sambasamba
3.5.12
sambasamba
3.5.13
sambasamba
3.5.14
sambasamba
3.6.0
sambasamba
3.6.1
sambasamba
3.6.2
sambasamba
3.6.3
sambasamba
3.6.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
hardy
not-affected
lucid
Fixed 2:3.4.7~dfsg-1ubuntu3.10
released
natty
Fixed 2:3.5.8~dfsg-1ubuntu2.5
released
oneiric
Fixed 2:3.5.11~dfsg-1ubuntu2.3
released
precise
Fixed 2:3.6.3-2ubuntu2.1
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
http://marc.info/?l=bugtraq&m=134323086902585&w=2
http://osvdb.org/81648
http://rhn.redhat.com/errata/RHSA-2012-0533.html
http://secunia.com/advisories/48976
http://secunia.com/advisories/48984
http://secunia.com/advisories/48996
http://secunia.com/advisories/48999
http://secunia.com/advisories/49017
http://secunia.com/advisories/49030
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
http://www.debian.org/security/2012/dsa-2463
http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
http://www.samba.org/samba/security/CVE-2012-2111
http://www.securitytracker.com/id?1026988
http://www.ubuntu.com/usn/USN-1434-1
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
http://marc.info/?l=bugtraq&m=134323086902585&w=2
http://osvdb.org/81648
http://rhn.redhat.com/errata/RHSA-2012-0533.html
http://secunia.com/advisories/48976
http://secunia.com/advisories/48984
http://secunia.com/advisories/48996
http://secunia.com/advisories/48999
http://secunia.com/advisories/49017
http://secunia.com/advisories/49030
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
http://www.debian.org/security/2012/dsa-2463
http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
http://www.samba.org/samba/security/CVE-2012-2111
http://www.securitytracker.com/id?1026988
http://www.ubuntu.com/usn/USN-1434-1