Samba LSA RPC "take ownership" Privilege Security Bypass Vulnerability

Last Update Date: 22 May 2012
Release Date: 2 May 2012

RISK: Medium Risk

TYPE: Servers - Other Servers

A vulnerability has been identified in Samba, which can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused by improper application of security checks in the CreateAccount, OpenAccount, AddAccountRights, and RemoveAccountRights remote procedure calls (RPC) within the Local Security Authority (LSA). This can be exploited to gain "take ownership" privileges and, for example, change the ownership of arbitrary files and directories on the smbd file server.


Impact

  • Security Restriction Bypass

System / Technologies affected

  • Samba versions 3.4.x through 3.6.4

Solutions

Before installing the software, please visit the software manufacturer's website for more details.
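
An added example, not part of the original advisory or of Samba's own code: a Python check that tests a version string against the affected range listed above and reports accounts holding SeTakeOwnershipPrivilege that are not on an allowlist. The listing format (assumed to match the output of `net rpc rights list accounts`), the account names and the allowlist are assumptions, and the sample data is constructed.

```python
import re

AFFECTED_MIN, AFFECTED_MAX = (3, 4, 0), (3, 6, 4)  # range stated in the advisory
PRIVILEGE = "SeTakeOwnershipPrivilege"

def is_affected(version_banner):
    """True if a banner such as 'Version 3.5.6' falls in 3.4.x through 3.6.4."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_banner)
    if not m:
        raise ValueError("no x.y.z version in %r" % version_banner)
    return AFFECTED_MIN <= tuple(int(p) for p in m.groups()) <= AFFECTED_MAX

def parse_rights(listing):
    """Map account -> set of privileges from blank-line separated blocks."""
    rights = {}
    for block in re.split(r"\n\s*\n", listing.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if not lines:
            continue
        # First line is the account; privilege names start with "Se".
        rights[lines[0]] = {p for p in lines[1:] if p.startswith("Se")}
    return rights

def unexpected_holders(listing, allowed):
    """Accounts holding the take-ownership privilege that are not allowlisted."""
    allowed_cf = {a.casefold() for a in allowed}
    return sorted(a for a, privs in parse_rights(listing).items()
                  if PRIVILEGE in privs and a.casefold() not in allowed_cf)

# Constructed sample listing (assumed output format; hypothetical accounts).
SAMPLE = """\
BUILTIN\\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege

EXAMPLE\\jdoe
SeTakeOwnershipPrivilege

BUILTIN\\Print Operators
No privileges assigned
"""

if __name__ == "__main__":
    print("affected:", is_affected("Version 3.6.4"))
    print("review:", unexpected_holders(SAMPLE, {"BUILTIN\\Administrators"}))
```

Distribution packages may backport a fix without changing the upstream version number, so a version match is a prompt to check the vendor's package changelog rather than proof of exposure.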

 


Vulnerability Identifier


Source


Related Link