CVE-2012-2111

General

Score: 6.5/10.0
Severity: Medium
Category: Access Control Error

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Low
Authentication: Multiple

Related vulnerabilities

CVE-2007-2444, CVE-2007-2446, CVE-2007-2447, CVE-2008-1105, CVE-2008-3789, CVE-2008-4314, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948, CVE-2009-3297, CVE-2010-0728, CVE-2010-3069, CVE-2011-0719, CVE-2011-2522, CVE-2011-2694, CVE-2012-0817, CVE-2012-1182, CVE-2012-1568, CVE-2012-1586, CVE-2012-6150, CVE-2013-0172, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124, CVE-2013-4408, CVE-2013-4475, CVE-2013-4496, CVE-2013-6442, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560, CVE-2015-0240, CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-5370, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118, CVE-2016-2119, CVE-2016-2125, CVE-2016-2126, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163, CVE-2017-14746, CVE-2017-15275, CVE-2017-2619, CVE-2017-7494, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Published on 30/04/12 - Updated on 05/01/18

Description

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability Database CVE-2012-2111
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2012-AVI-240, CERTA-2012-AVI-407
CentOS CESA-2012:0533
Debian DSA-2463-1
Oracle Linux ELSA-2012-0533, ELSA-2017-0662, ELSA-2018-1860, ELSA-2018-3056
Red Hat RHSA-2012:0533
Renater 2012/VULN203, 2012/VULN297
SUSE SUSE-SU-2012:0573, SUSE-SU-2012:0575, SUSE-SU-2012:0591
Ubuntu USN-1434-1

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: samba
Product: samba
