CVE-2012-1182: "root" credential remote code execution
Bug #978458 reported by Rey Tucker
This bug affects 8 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
samba (CentOS) | Fix Released | Critical | |
samba (Debian) | Fix Released | Unknown | |
samba (Fedora) | Fix Released | Critical | |
samba (Ubuntu) | Fix Released | High | Tyler Hicks |
Hardy | Fix Released | High | Tyler Hicks |
Lucid | Fix Released | High | Tyler Hicks |
Natty | Fix Released | High | Tyler Hicks |
Oneiric | Fix Released | High | Tyler Hicks |
Precise | Fix Released | High | Tyler Hicks |

Bug Description
CVE-2012-1182 was recently made public for a remote, unauthenticated, root code execution flaw in most samba versions 3.0+:
https:/
I believe Ubuntu's packages to be vulnerable. As the CVE is already public and patches are in the wild, I am flagging this as a security vulnerability but will un-privatize it shortly.
visibility: private → public

Changed in samba (Debian):
status: Unknown → New

Changed in samba (Ubuntu Precise):
milestone: none → ubuntu-12.04
status: Confirmed → In Progress
tags: added: rls-p-tracking

Changed in samba (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Tyler Hicks (tyhicks)

Changed in samba (Ubuntu Natty):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Tyler Hicks (tyhicks)

Changed in samba (Ubuntu Oneiric):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Tyler Hicks (tyhicks)

Changed in samba (Ubuntu Hardy):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Tyler Hicks (tyhicks)

Changed in samba (Debian):
status: New → Fix Released

Changed in samba (CentOS):
importance: Unknown → Critical
status: Unknown → Fix Released

Changed in samba (Fedora):
importance: Unknown → Critical
status: Unknown → Fix Released

Multiple heap-based buffer overflow flaws were found in the way the code generated by the Perl-based DCE/RPC IDL (PIDL) compiler of the Samba suite performed array memory allocation. Memory for an array having a size_is() attribute was allocated based on the array length, which was provided by the Network Data Representation (NDR) marshalling code (converting parameters provided to the RPC call by the client to the NDR). The loop retrieving the elements of a particular array, on the other hand, used the variable indicated by the size_is() attribute. A remote attacker could provide specially crafted remote procedure call (RPC) parameters which, once processed by the marshalling code of the Samba server, would lead to a Samba daemon (smbd) crash or, potentially, arbitrary code execution with the privileges of the user running the server.
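
The mismatch described above, reduced to a minimal added example (not Samba's or PIDL's code, and not the upstream patch): a decoder that sizes its buffer from one client-supplied count and loops on another, next to a checked decoder that rejects the message before allocating. The wire layout, the names `alloc_count` and `loop_count`, the status codes and both sample messages are assumptions constructed for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed wire layout for this sketch (not real NDR):
 *   u32 alloc_count | u32 loop_count | u32 elems[] (little-endian) */
enum pull_status { PULL_OK, PULL_TRUNCATED, PULL_COUNT_MISMATCH, PULL_NOMEM };
/* Constructed sample messages, not captured traffic. */
static const uint8_t MSG_OK[]  = {2,0,0,0, 2,0,0,0, 7,0,0,0, 9,0,0,0};
static const uint8_t MSG_BAD[] = {2,0,0,0, 6,0,0,0, 7,0,0,0, 9,0,0,0};

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Elements an unchecked decoder would store past its allocation:
 * it sizes the buffer from alloc_count but loops loop_count times. */
size_t unchecked_overrun(const uint8_t *buf, size_t len) {
    if (len < 8) return 0;
    uint32_t alloc_count = rd32(buf), loop_count = rd32(buf + 4);
    return loop_count > alloc_count ? (size_t)(loop_count - alloc_count) : 0;
}

/* Checked decoder: both counts must agree and be backed by received bytes
 * before a single validated count drives allocation and the loop. */
enum pull_status pull_array_checked(const uint8_t *buf, size_t len,
                                    uint32_t **out, uint32_t *out_count) {
    *out = NULL; *out_count = 0;
    if (len < 8) return PULL_TRUNCATED;
    uint32_t alloc_count = rd32(buf), n = rd32(buf + 4);
    if (n != alloc_count) return PULL_COUNT_MISMATCH;
    if (n > (len - 8) / 4) return PULL_TRUNCATED;
    if (n == 0) return PULL_OK;
    uint32_t *arr = calloc(n, sizeof *arr);
    if (!arr) return PULL_NOMEM;
    for (uint32_t i = 0; i < n; i++) arr[i] = rd32(buf + 8 + 4 * (size_t)i);
    *out = arr; *out_count = n;
    return PULL_OK;
}

int main(void) {
    uint32_t *a, n;
    enum pull_status ok = pull_array_checked(MSG_OK, sizeof MSG_OK, &a, &n);
    free(a);
    enum pull_status bad = pull_array_checked(MSG_BAD, sizeof MSG_BAD, &a, &n);
    printf("ok=%d bad=%d overrun=%zu\n", ok, bad,
           unchecked_overrun(MSG_BAD, sizeof MSG_BAD));
    return 0;
}
```

Requiring the two counts to be equal is a deliberately strict choice for this sketch; the point is that allocation and iteration never use independently supplied values.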