CVE-2012-2111

2012-04-3000:00:00

ubuntu.com

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

JSON

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4)
RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before
3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly
restrict modifications to the privileges database, which allows remote
authenticated users to obtain the “take ownership” privilege via an LSA
connection.

Bugs

<https://bugzilla.samba.org/show_bug.cgi?id=8873>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchsamba< 2:3.4.7~dfsg-1ubuntu3.10UNKNOWN
ubuntu11.04noarchsamba< 2:3.5.8~dfsg-1ubuntu2.5UNKNOWN
ubuntu11.10noarchsamba< 2:3.5.11~dfsg-1ubuntu2.3UNKNOWN
ubuntu12.04noarchsamba< 2:3.6.3-2ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	samba	< 2:3.4.7~dfsg-1ubuntu3.10	UNKNOWN
ubuntu	11.04	noarch	samba	< 2:3.5.8~dfsg-1ubuntu2.5	UNKNOWN
ubuntu	11.10	noarch	samba	< 2:3.5.11~dfsg-1ubuntu2.3	UNKNOWN
ubuntu	12.04	noarch	samba	< 2:3.6.3-2ubuntu2.1	UNKNOWN