CVE-2012-2111
5.9 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.0%
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the “take ownership” privilege via an LSA connection.
References
lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
marc.info/?l=bugtraq&m=134323086902585&w=2
osvdb.org/81648
rhn.redhat.com/errata/RHSA-2012-0533.html
secunia.com/advisories/48976
secunia.com/advisories/48984
secunia.com/advisories/48996
secunia.com/advisories/48999
secunia.com/advisories/49017
secunia.com/advisories/49030
www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
www.debian.org/security/2012/dsa-2463
www.mandriva.com/security/advisories?name=MDVSA-2012:067
www.samba.org/samba/security/CVE-2012-2111
www.securitytracker.com/id?1026988
www.ubuntu.com/usn/USN-1434-1
Related
5.9 Medium
AI Score
Confidence
Low
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
73.0%