Samba is vulnerable to an authorization bypass. The vulnerability exists because the (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the “take ownership” privilege via an LSA connection.
lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
marc.info/?l=bugtraq&m=134323086902585&w=2
osvdb.org/81648
rhn.redhat.com/errata/RHSA-2012-0533.html
secunia.com/advisories/48976
secunia.com/advisories/48984
secunia.com/advisories/48996
secunia.com/advisories/48999
secunia.com/advisories/49017
secunia.com/advisories/49030
www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
www.debian.org/security/2012/dsa-2463
www.mandriva.com/security/advisories?name=MDVSA-2012:067
www.samba.org/samba/security/CVE-2012-2111
www.securitytracker.com/id?1026988
www.ubuntu.com/usn/USN-1434-1
access.redhat.com/security/updates/classification/#important