CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 73.3%

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the “take ownership” privilege via an LSA connection.
Vendor | Product | Version | CPE |
---|---|---|---|
samba | samba | 3.4.0 | cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:* |
samba | samba | 3.4.1 | cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:* |
samba | samba | 3.4.2 | cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:* |
samba | samba | 3.4.3 | cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:* |
samba | samba | 3.4.4 | cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:* |
samba | samba | 3.4.5 | cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:* |
samba | samba | 3.4.6 | cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:* |
samba | samba | 3.4.7 | cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:* |
samba | samba | 3.4.8 | cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:* |
samba | samba | 3.4.9 | cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
marc.info/?l=bugtraq&m=134323086902585&w=2
osvdb.org/81648
rhn.redhat.com/errata/RHSA-2012-0533.html
secunia.com/advisories/48976
secunia.com/advisories/48984
secunia.com/advisories/48996
secunia.com/advisories/48999
secunia.com/advisories/49017
secunia.com/advisories/49030
www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
www.debian.org/security/2012/dsa-2463
www.mandriva.com/security/advisories?name=MDVSA-2012:067
www.samba.org/samba/security/CVE-2012-2111
www.securitytracker.com/id?1026988
www.ubuntu.com/usn/USN-1434-1