CVE-2012-2111

N/A Unknown
Published: April 30, 2012 Modified: April 29, 2026

Description

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://osvdb.org/81648
Source: secalert@redhat.com
http://secunia.com/advisories/48976
Source: secalert@redhat.com
http://secunia.com/advisories/48984
Source: secalert@redhat.com
http://secunia.com/advisories/48996
Source: secalert@redhat.com
http://secunia.com/advisories/48999
Source: secalert@redhat.com
http://secunia.com/advisories/49017
Source: secalert@redhat.com
http://secunia.com/advisories/49030
Source: secalert@redhat.com
http://www.samba.org/samba/security/CVE-2012-2111
Source: secalert@redhat.com
Patch Vendor Advisory
http://www.ubuntu.com/usn/USN-1434-1
Source: secalert@redhat.com
http://marc.info/?l=bugtraq&m=134323086902585&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
http://osvdb.org/81648
Source: af854a3a-2127-422b-91ae-364da2661108
http://rhn.redhat.com/errata/RHSA-2012-0533.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48976
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48984
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48996
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/48999
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/49017
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/49030
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2012/dsa-2463
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mandriva.com/security/advisories?name=MDVSA-2012:067
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.samba.org/samba/security/CVE-2012-2111
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://www.securitytracker.com/id?1026988
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1434-1
Source: af854a3a-2127-422b-91ae-364da2661108

42 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
4.8%
91st percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

samba