SB2012043002 - Permissions, Privileges, and Access Controls in Samba

Description

This security bulletin contains information about 1 vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-2111)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote #AU# to read and manipulate data.

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

Remediation

Install update from vendor's website.

References

• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
• http://marc.info/?l=bugtraq&m=134323086902585&w=2
• http://osvdb.org/81648
• http://rhn.redhat.com/errata/RHSA-2012-0533.html
• http://secunia.com/advisories/48976
• http://secunia.com/advisories/48984
• http://secunia.com/advisories/48996
• http://secunia.com/advisories/48999
• http://secunia.com/advisories/49017
• http://secunia.com/advisories/49030
• http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
• http://www.debian.org/security/2012/dsa-2463
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
• http://www.samba.org/samba/security/CVE-2012-2111
• http://www.securitytracker.com/id?1026988
• http://www.ubuntu.com/usn/USN-1434-1