Release date:
Updated on:
Affected Systems:
Samba 3.x
Unaffected system:
Samba 3.6.5
Samba 3.5.15
Samba 3.4.17
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53307
Cve id: CVE-2012-2111
Samba is a set of programs that implement the SMB (Server Messages Block) protocol, cross-platform file sharing and print sharing services.
Samba has vulnerabilities in the security verification of CreateAccount, OpenAccount, AddAccountRights, and RemoveAccountRights RPC of LSA, attackers can obtain the "take ownership" permission and change the ownership of any files and directories on the smdb file server.
<* Source: Ivano Cristofolini
Link: http://secunia.com/advisories/48976/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Samba
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.samba.org/