DEBIAN-CVE-2012-2111

DEBIAN-CVE-2012-2111 PUBLISHED

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.

Affected Products

Vendor	Product	Versions
Debian:11	samba	0, 0, 0
Debian:13	samba	0, 0, 0
Debian:12	samba	0, 0, 0
Debian:14	samba	0, 0, 0

Timeline

Apr 30, 2012 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2012-2111 advisory

Open in Interactive Console →