cvelistv5 - cve-2012-2111

CVE-2012-2111 (GCVE-0-2012-2111)

Vulnerability from cvelistv5

Published

2012-04-30 14:00

Modified

2024-08-06 19:26

Severity ?

CWE

Summary

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-1434-1	vendor-advisory, x_refsource_UBUNTU
	http://osvdb.org/81648	vdb-entry, x_refsource_OSVDB
	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=MDVSA-2012:067	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/48996	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/49017	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1026988	vdb-entry, x_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=134323086902585&w=2	vendor-advisory, x_refsource_HP
	http://www.samba.org/samba/security/CVE-2012-2111	x_refsource_CONFIRM
	http://secunia.com/advisories/48976	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/49030	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html	vendor-advisory, x_refsource_FEDORA
	http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578	x_refsource_CONFIRM
	http://secunia.com/advisories/48984	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48999	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2012/dsa-2463	vendor-advisory, x_refsource_DEBIAN
	http://marc.info/?l=bugtraq&m=134323086902585&w=2	vendor-advisory, x_refsource_HP
	http://rhn.redhat.com/errata/RHSA-2012-0533.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1434-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1434-1"
          },
          {
            "name": "81648",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/81648"
          },
          {
            "name": "SUSE-SU-2012:0591",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html"
          },
          {
            "name": "MDVSA-2012:067",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:067"
          },
          {
            "name": "48996",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48996"
          },
          {
            "name": "FEDORA-2012-6981",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html"
          },
          {
            "name": "49017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49017"
          },
          {
            "name": "1026988",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026988"
          },
          {
            "name": "HPSBUX02789",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.samba.org/samba/security/CVE-2012-2111"
          },
          {
            "name": "48976",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48976"
          },
          {
            "name": "openSUSE-SU-2012:0583",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html"
          },
          {
            "name": "FEDORA-2012-6999",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html"
          },
          {
            "name": "49030",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49030"
          },
          {
            "name": "FEDORA-2012-7006",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
          },
          {
            "name": "48984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48984"
          },
          {
            "name": "48999",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48999"
          },
          {
            "name": "SUSE-SU-2012:0573",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html"
          },
          {
            "name": "DSA-2463",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2463"
          },
          {
            "name": "SSRT100824",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
          },
          {
            "name": "RHSA-2012:0533",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-0533.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the \"take ownership\" privilege via an LSA connection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-1434-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1434-1"
        },
        {
          "name": "81648",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/81648"
        },
        {
          "name": "SUSE-SU-2012:0591",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.html"
        },
        {
          "name": "MDVSA-2012:067",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:067"
        },
        {
          "name": "48996",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48996"
        },
        {
          "name": "FEDORA-2012-6981",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html"
        },
        {
          "name": "49017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49017"
        },
        {
          "name": "1026988",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026988"
        },
        {
          "name": "HPSBUX02789",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.samba.org/samba/security/CVE-2012-2111"
        },
        {
          "name": "48976",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48976"
        },
        {
          "name": "openSUSE-SU-2012:0583",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.html"
        },
        {
          "name": "FEDORA-2012-6999",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.html"
        },
        {
          "name": "49030",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49030"
        },
        {
          "name": "FEDORA-2012-7006",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
        },
        {
          "name": "48984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48984"
        },
        {
          "name": "48999",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48999"
        },
        {
          "name": "SUSE-SU-2012:0573",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.html"
        },
        {
          "name": "DSA-2463",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2463"
        },
        {
          "name": "SSRT100824",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
        },
        {
          "name": "RHSA-2012:0533",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-0533.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2111",
    "datePublished": "2012-04-30T14:00:00.000Z",
    "dateReserved": "2012-04-04T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:26:08.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-240

Vulnerability from certfr_avis

Une vulnérabilité permettant de contourner la politique de sécurité a été découverte dans Samba. Le problème réside dans certaines méthodes pouvant être appelées à distance (RPC) qui n'appliquent pas correctement la politique de sécurité. Cette vulnérabilité conduit à l'obtention du privilège take ownership par l'attaquant, l'autorisant ainsi à modifier les droits des fichiers servis par le démon smbd.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Samba versions 3.4.x à 3.6.4 incluse.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Samba

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSamba versions 3.4.x \u00e0 3.6.4 incluse.\u003c/p\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2111"
    }
  ],
  "initial_release_date": "2012-05-02T00:00:00",
  "last_revision_date": "2012-05-02T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-240",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant de contourner la politique de s\u00e9curit\u00e9 a\n\u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eSamba\u003c/span\u003e. Le probl\u00e8me\nr\u00e9side dans certaines m\u00e9thodes pouvant \u00eatre appel\u00e9es \u00e0 distance (RPC)\nqui n\u0027appliquent pas correctement la politique de s\u00e9curit\u00e9. Cette\nvuln\u00e9rabilit\u00e9 conduit \u00e0 l\u0027obtention du privil\u00e8ge \u003cspan\nclass=\"textit\"\u003etake ownership\u003c/span\u003e par l\u0027attaquant, l\u0027autorisant ainsi\n\u00e0 modifier les droits des fichiers servis par le d\u00e9mon \u003cspan\nclass=\"textit\"\u003esmbd\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Samba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Samba",
      "url": "http://www.samba.org/samba/security/CVE-2012-2111"
    }
  ]
}

CERTA-2012-AVI-407

Vulnerability from certfr_avis

Deux vulnérabilités ont été corrigées dans IBM SONAS. La première affecte le module RPC Samba et permet de changer le propriétaire d'un fichier ou répertoire. La deuxième concerne l'interface de l'interpréteur de commandes et peut mener à une exécution de commandes arbitraires à distance sous l'utilisateur « root ».

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM SONAS de la version 1.1 à 1.3.1.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ssg1S1004168 du 26 juillet 2012	None	vendor-advisory
Bulletin de sécurité IBM ssg1S1004170 du 26 juillet 2012	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eIBM SONAS de la version 1.1 \u00e0 1.3.1.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2163"
    },
    {
      "name": "CVE-2012-2111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2111"
    }
  ],
  "initial_release_date": "2012-07-30T00:00:00",
  "last_revision_date": "2012-07-30T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-407",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-07-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eIBM\nSONAS\u003c/span\u003e. La premi\u00e8re affecte le module RPC \u003cspan\nclass=\"textit\"\u003eSamba\u003c/span\u003e et permet de changer le propri\u00e9taire d\u0027un\nfichier ou r\u00e9pertoire. La deuxi\u00e8me concerne l\u0027interface de\nl\u0027interpr\u00e9teur de commandes et peut mener \u00e0 une ex\u00e9cution de commandes\narbitraires \u00e0 distance sous l\u0027utilisateur \u00ab root \u00bb.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans IBM SONAS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ssg1S1004168 du 26 juillet 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004168"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ssg1S1004170 du 26 juillet 2012",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004170"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-2111 (GCVE-0-2012-2111)

Vulnerability from cvelistv5

CERTA-2012-AVI-240

Vulnerability from certfr_avis

Solution

CERTA-2012-AVI-407

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature