Vulnerability Description
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | 3.4.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
- http://marc.info/?l=bugtraq&m=134323086902585&w=2
- http://osvdb.org/81648
- http://rhn.redhat.com/errata/RHSA-2012-0533.html
- http://secunia.com/advisories/48976
- http://secunia.com/advisories/48984
- http://secunia.com/advisories/48996
- http://secunia.com/advisories/48999
- http://secunia.com/advisories/49017
- http://secunia.com/advisories/49030
FAQ
What is CVE-2012-2111?
CVE-2012-2111 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not pr...
How severe is CVE-2012-2111?
CVE-2012-2111 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2111?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba.