6.5

CVE-2012-2111

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaSamba Version3.4.0
SambaSamba Version3.4.1
SambaSamba Version3.4.2
SambaSamba Version3.4.3
SambaSamba Version3.4.4
SambaSamba Version3.4.5
SambaSamba Version3.4.6
SambaSamba Version3.4.7
SambaSamba Version3.4.8
SambaSamba Version3.4.9
SambaSamba Version3.4.10
SambaSamba Version3.4.11
SambaSamba Version3.4.12
SambaSamba Version3.4.13
SambaSamba Version3.4.14
SambaSamba Version3.4.15
SambaSamba Version3.4.16
SambaSamba Version3.5.0
SambaSamba Version3.5.1
SambaSamba Version3.5.2
SambaSamba Version3.5.3
SambaSamba Version3.5.4
SambaSamba Version3.5.5
SambaSamba Version3.5.6
SambaSamba Version3.5.7
SambaSamba Version3.5.8
SambaSamba Version3.5.9
SambaSamba Version3.5.10
SambaSamba Version3.5.11
SambaSamba Version3.5.12
SambaSamba Version3.5.13
SambaSamba Version3.5.14
SambaSamba Version3.6.0
SambaSamba Version3.6.1
SambaSamba Version3.6.2
SambaSamba Version3.6.3
SambaSamba Version3.6.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.8% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=134323086902585&w=2
http://secunia.com/advisories/48999
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
http://osvdb.org/81648
http://rhn.redhat.com/errata/RHSA-2012-0533.html
http://secunia.com/advisories/48976
http://secunia.com/advisories/48984
http://secunia.com/advisories/48996
http://secunia.com/advisories/49017
http://secunia.com/advisories/49030
http://www.debian.org/security/2012/dsa-2463
http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
http://www.samba.org/samba/security/CVE-2012-2111
Patch
Vendor Advisory
http://www.securitytracker.com/id?1026988
http://www.ubuntu.com/usn/USN-1434-1