RHSA-2012:0533: samba and samba3x security update
|7||(AV:N/AC:L/Au:S/C:P/I:P/A:P)||April 29, 2012||April 30, 2012||July 03, 2017|
Samba is an open-source implementation of the Server Message Block (SMB) orCommon Internet File System (CIFS) protocol, which allows PC-compatiblemachines to share files, printers, and other information.A flaw was found in the way Samba handled certain Local Security Authority(LSA) Remote Procedure Calls (RPC). An authenticated user could use thisflaw to issue an RPC call that would modify the privileges database on theSamba server, allowing them to steal the ownership of files and directoriesthat are being shared by the Samba server, and create, delete, and modifyuser accounts, as well as other Samba server administration tasks.(CVE-2012-2111)Red Hat would like to thank the Samba project for reporting this issue.Upstream acknowledges Ivano Cristofolini as the original reporter.Users of Samba are advised to upgrade to these updated packages, whichcontain a backported patch to resolve this issue. After installing thisupdate, the smb service will be restarted automatically.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
- SUSE Linux Security Vulnerability: CVE-2012-2111
- Gentoo Linux: CVE-2012-2111: Samba: Multiple vulnerabilities
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- HP-UX: CVE-2012-2111: CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
- Sun Patch: SunOS 5.10_x86: Samba patch
- Sun Patch: SunOS 5.10: Samba patch
- Samba CVE-2012-2111: Incorrect permission checks when granting/removing privileges can compromise file server security.
- FreeBSD: samba -- incorrect permission checks vulnerability (CVE-2012-2111)
- ELSA-2012-0533 Important: Oracle Linux samba and samba3x security update
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4
- DSA-2463-1 samba -- missing permission checks
- USN-1434-1: Samba vulnerability
- SUSE Linux Security Advisory: SUSE-SU-2012:0575-1
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6
- Oracle Solaris 11: CVE-2012-2111: Vulnerability in Samba
- Alpine Linux: CVE-2012-2111: samba<3.6.5 Incorrect permission checks