Bug 5352

Summary: CVE-2012-1182, "root" credential remote code execution.
Product: Mageia Reporter: Marja Van Waes <marja11>
Component: SecurityAssignee: Buchan Milne test 2 <bgmilne>
Status: RESOLVED FIXED QA Contact:
Severity: critical    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.samba.org/samba/security/CVE-2012-1182
Whiteboard:
Source RPM: samba-3.6.3-1.mga2.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 5353    

Description Marja Van Waes 2012-04-11 16:34:02 CEST 
Samba versions 3.6.3 and all versions previous to this are affected by
a vulnerability that allows remote code execution as the "root" user
from an anonymous connection.

The code generator for Samba's remote procedure call (RPC) code
contained an error which caused it to generate code containing a
security flaw. This generated code is used in the parts of Samba that
control marshalling and unmarshalling of RPC calls over the network.

The flaw caused checks on the variable containing the length of an
allocated array to be done independently from the checks on the
variable used to allocate the memory for that array.  As both these
variables are controlled by the connecting client it makes it possible
for a specially crafted RPC call to cause the server to execute
arbitrary code.

As this does not require an authenticated connection it is the most
serious vulnerability possible in a program, and users and vendors are
encouraged to patch their Samba installations immediately.

see also 
http://www.samba.org/samba/security/CVE-2012-1182
Marja Van Waes 2012-04-11 16:35:43 CEST

Blocks: (none) => 5353

Comment 1 Marja Van Waes 2012-04-11 16:45:30 CEST 
already solved by pterjan

Status: NEW => RESOLVED
Resolution: (none) => FIXED