Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-2111

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

Related bugs and status

CVE-2012-2111 (Candidate) is related to these bugs:

Bug #999764: [SRU] no ufw profile or apport hook is included in the 12.04 packages

		In	Importance	Status
999764	[SRU] no ufw profile or apport hook is included in the 12.04 packages	samba (Ubuntu)	High	Fix Released
999764	[SRU] no ufw profile or apport hook is included in the 12.04 packages	samba (Ubuntu Precise)	High	Fix Released
999764	[SRU] no ufw profile or apport hook is included in the 12.04 packages	samba (Ubuntu Quantal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securitytra...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://osvdb.org/81648
MISC: http://www.debian.org/...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: http://marc.info/?l=bu...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://www.ubuntu.com/...
MISC: http://www.collax.com/...
MISC: http://www.samba.org/s...
MISC: http://lists.opensuse....