|
|
|
|
| |
Credit:
The information has been provided by Brian Gorenc.
|
| |
Vulnerable Systems:
* Samba Samba 3.6.3 and prior
An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will cause a denial-of-service condition.
Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user
from an anonymous connection.
The code generator for Samba's remote procedure call (RPC) code contained an error which caused it to generate code containing a
security flaw. This generated code is used in the parts of Samba that control marshalling and unmarshalling of RPC calls over the network.
The flaw caused checks on the variable containing the length of an allocated array to be done independently from the checks on the
variable used to allocate the memory for that array. As both these variables are controlled by the connecting client it makes it possible
for a specially crafted RPC call to cause the server to execute arbitrary code.
As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are
encouraged to patch their Samba installations immediately.
Patch Availability:
http://samba.org/samba/patches/
CVE Information:
CVE-2012-1182
Disclosure Timeline:
Published: Apr 10 2012 12:00AM
Updated: Oct 17 2012 11:00AM
|
|
|
|
|
