Vulnerability CVE-2012-1182

Vulnerability CVE-2012-1182

Published: 2012-04-10 Modified: 2012-04-11

Description:

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

See advisories in our WLB2 database:

	Topic	Author	Date
High	HP Server Automation Linux/SunOS arbitrary code execution	HP	13.06.2012
High	Samba 3.6.3 remote root exploit	kd	25.09.2012
High	Samba SetInformationPolicy AuditEventsInfo Heap Overflow	juan vazquez	28.09.2012

Type:

CWE-189

(Numeric Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Samba -> Samba

References:

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html

http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html

http://marc.info/?l=bugtraq&m=133951282306605&w=2

http://marc.info/?l=bugtraq&m=134323086902585&w=2

http://support.apple.com/kb/HT5281

http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578

http://www.debian.org/security/2012/dsa-2450

http://www.mandriva.com/security/advisories?name=MDVSA-2012:055

http://www.samba.org/samba/history/samba-3.6.4.html

http://www.securitytracker.com/id?1026913

http://www.ubuntu.com/usn/USN-1423-1

https://www.samba.org/samba/security/CVE-2012-1182

Vulnerability CVE-2012-1182

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

See advisories in our WLB2 database:

High

HP Server Automation Linux/SunOS arbitrary code execution

High

Samba 3.6.3 remote root exploit

High

Samba SetInformationPolicy AuditEventsInfo Heap Overflow

CWE-189

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

10/10

10/10

10/10

Remote

Low

No required

Complete

Complete

Complete

Affected software

References: