CVE-2012-2111
Date: (C)2012-04-30   (M)2023-12-22


The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1026988
SECUNIA-48976
SECUNIA-48984
SECUNIA-48996
SECUNIA-48999
SECUNIA-49017
SECUNIA-49030
OSVDB-81648
DSA-2463
FEDORA-2012-6981
FEDORA-2012-6999
FEDORA-2012-7006
MDVSA-2012:067
RHSA-2012:0533
SSRT100824
SUSE-SU-2012:0573
SUSE-SU-2012:0591
USN-1434-1
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
http://www.samba.org/samba/security/CVE-2012-2111
openSUSE-SU-2012:0583

CPE    37
cpe:/a:samba:samba:3.5.13
cpe:/a:samba:samba:3.4.9
cpe:/a:samba:samba:3.5.14
cpe:/a:samba:samba:3.4.7
...
CWE    1
CWE-264
OVAL    15
oval:org.secpod.oval:def:600792
oval:org.secpod.oval:def:202330
oval:org.secpod.oval:def:103737
oval:org.secpod.oval:def:103738
...

© SecPod Technologies