Ivano Cristofolini

**Name of the Vulnerable Software and Affected Versions** Samba versions prior to 3.4.17 Samba versions prior to 3.5.15 Samba versions prior to 3.6.5 samba3x-client-3.5.10 samba3x-winbind-devel-3.5.10 samba3x-swat-3.5.10 samba3x-domainjoin-gui-3.5.10 samba3x-winbind-3.5.10 samba3x-common-3.5.10 samba3x-3.5.10 samba3x-doc-3.5.10 **Description** The issue is related to the LSA RPC procedures in smbd, which do not properly restrict modifications to the privileges database. This allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. The affected procedures include CreateAccount, OpenAccount, AddAccountRights, and RemoveAccountRights. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information and can be carried out remotely. **Recommendations** For Samba versions prior to 3.4.17, update to version 3.4.17 or later. For Samba versions prior to 3.5.15, update to version 3.5.15 or later. For Samba versions prior to 3.6.5, update to version 3.6.5 or later. For samba3x-client-3.5.10, consider disabling the vulnerable package until a patch is available. For samba3x-winbind-devel-3.5.10, restrict access to the winbind-devel module to minimize the risk of exploitation. For samba3x-swat-3.5.10, avoid using the swat package until the issue is resolved. For samba3x-domainjoin-gui-3.5.10, consider disabling the domainjoin-gui package until a patch is available. For samba3x-winbind-3.5.10, restrict access to the winbind module to minimize the risk of exploitation. For samba3x-common-3.5.10, consider disabling the common package until a patch is available. For samba3x-3.5.10, update to a newer version that contains a fix for this issue. For samba3x-doc-3.5.10, consider disabling the doc package until a patch is available.