Unrated severityNVD Advisory· Published Apr 30, 2012· Updated Jun 16, 2026
CVE-2012-2111
CVE-2012-2111
Description
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
39cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*+ 37 more
- cpe:2.3:a:samba:samba:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:samba:samba:3.6.4:*:*:*:*:*:*:*
- (no CPE)range: <3.4.17, <3.5.15, <3.6.5
Patches
Vulnerability mechanics
References
21- www.samba.org/samba/security/CVE-2012-2111nvdPatchVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-May/079670.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-May/079677.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-04/msg00023.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-05/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-05/msg00003.htmlnvd
- marc.infonvd
- osvdb.org/81648nvd
- rhn.redhat.com/errata/RHSA-2012-0533.htmlnvd
- secunia.com/advisories/48976nvd
- secunia.com/advisories/48984nvd
- secunia.com/advisories/48996nvd
- secunia.com/advisories/48999nvd
- secunia.com/advisories/49017nvd
- secunia.com/advisories/49030nvd
- www.collax.com/produkte/AllinOne-server-for-small-businessesnvd
- www.debian.org/security/2012/dsa-2463nvd
- www.mandriva.com/security/advisoriesnvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/USN-1434-1nvd
News mentions
0No linked articles in our index yet.