CVE 2012-1182
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Related bugs and status
CVE-2012-1182 (Candidate) is related to these bugs:
Bug #978458: CVE-2012-1182: "root" credential remote code execution
Bug | Summary | In | Importance | Status
---|---|---|---|---
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Ubuntu) | High | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Debian) | Unknown | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (CentOS) | Critical | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Fedora) | Critical | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Ubuntu Precise) | High | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Ubuntu Hardy) | High | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Ubuntu Lucid) | High | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Ubuntu Natty) | High | Fix Released
978458 | CVE-2012-1182: "root" credential remote code execution | samba (Ubuntu Oneiric) | High | Fix Released
Bug #979808: PIDL based autogenerated code allows overwriting beyond of allocated array
Bug | Summary | In | Importance | Status
---|---|---|---|---
979808 | PIDL based autogenerated code allows overwriting beyond of allocated array | samba4 (Ubuntu) | Critical | Fix Released
979808 | PIDL based autogenerated code allows overwriting beyond of allocated array | samba4 (Ubuntu Lucid) | High | Won't Fix
979808 | PIDL based autogenerated code allows overwriting beyond of allocated array | samba4 (Ubuntu Natty) | High | Invalid
979808 | PIDL based autogenerated code allows overwriting beyond of allocated array | samba4 (Ubuntu Oneiric) | High | Invalid
Bug #980758: new buffer overflow attack on samba 3.6.3 -> enables unauthenticated remote root access
Bug | Summary | In | Importance | Status
---|---|---|---|---
980758 | new buffer overflow attack on samba 3.6.3 -> enables unauthenticated remote root access | samba (Ubuntu) | Undecided | Invalid
Bug #988509: setoption.pl is not executable
Bug | Summary | In | Importance | Status
---|---|---|---|---
988509 | setoption.pl is not executable | samba4 (Ubuntu) | High | Fix Released
988509 | setoption.pl is not executable | samba4 (Ubuntu Precise) | High | Invalid
Bug #999764: [SRU] no ufw profile or apport hook is included in the 12.04 packages
Bug | Summary | In | Importance | Status
---|---|---|---|---
999764 | [SRU] no ufw profile or apport hook is included in the 12.04 packages | samba (Ubuntu) | High | Fix Released
999764 | [SRU] no ufw profile or apport hook is included in the 12.04 packages | samba (Ubuntu Precise) | High | Fix Released
999764 | [SRU] no ufw profile or apport hook is included in the 12.04 packages | samba (Ubuntu Quantal) | High | Fix Released
See the CVE page on Mitre.org for more details.