Permissions, Privileges, and Access Controls in Samba - CVE-2012-2111

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

How to mitigate CVE-2012-2111

Sources

• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html
• http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html
• http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html
• http://marc.info/?l=bugtraq&m=134323086902585&w=2
• http://osvdb.org/81648
• http://rhn.redhat.com/errata/RHSA-2012-0533.html
• http://secunia.com/advisories/48976
• http://secunia.com/advisories/48984
• http://secunia.com/advisories/48996
• http://secunia.com/advisories/48999
• http://secunia.com/advisories/49017
• http://secunia.com/advisories/49030
• http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
• http://www.debian.org/security/2012/dsa-2463
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
• http://www.samba.org/samba/security/CVE-2012-2111
• http://www.securitytracker.com/id?1026988
• http://www.ubuntu.com/usn/USN-1434-1