FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2111

This CVE name corresponds to:

Entered Topic
2012-04-30 samba -- incorrect permission checks vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-2111
Phase Assigned (20120404)

Description

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

References

Source Reference
CONFIRM http://www.samba.org/samba/security/CVE-2012-2111
CONFIRM http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
DEBIAN DSA-2463
FEDORA FEDORA-2012-6981
FEDORA FEDORA-2012-6999
FEDORA FEDORA-2012-7006
HP HPSBUX02789
HP SSRT100824
REDHAT RHSA-2012:0533
SUSE SUSE-SU-2012:0573
SUSE SUSE-SU-2012:0591
SUSE openSUSE-SU-2012:0583
UBUNTU USN-1434-1
OSVDB 81648
SECTRACK 1026988
SECUNIA 48999
SECUNIA 48976
SECUNIA 48984
SECUNIA 48996
SECUNIA 49017
SECUNIA 49030