Bug 5353

Summary: CVE-2012-1182, "root" credential remote code execution.
Product: Mageia Reporter: Marja Van Waes <marja11>
Component: SecurityAssignee: Buchan Milne test 2 <bgmilne>
Status: RESOLVED DUPLICATE QA Contact:
Severity: critical    
Priority: Normal    
Version: 1   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://www.samba.org/samba/security/CVE-2012-1182
Whiteboard:
Source RPM: samba-3.5.8-1.1.mga1.src.rpm CVE:
Status comment:
Bug Depends on: 5352    
Bug Blocks:    

Description Marja Van Waes 2012-04-11 16:35:43 CEST 
+++ This bug was initially created as a clone of Bug #5352 +++

Samba versions 3.6.3 and all versions previous to this are affected by
a vulnerability that allows remote code execution as the "root" user
from an anonymous connection.

The code generator for Samba's remote procedure call (RPC) code
contained an error which caused it to generate code containing a
security flaw. This generated code is used in the parts of Samba that
control marshalling and unmarshalling of RPC calls over the network.

The flaw caused checks on the variable containing the length of an
allocated array to be done independently from the checks on the
variable used to allocate the memory for that array.  As both these
variables are controlled by the connecting client it makes it possible
for a specially crafted RPC call to cause the server to execute
arbitrary code.

As this does not require an authenticated connection it is the most
serious vulnerability possible in a program, and users and vendors are
encouraged to patch their Samba installations immediately.

see also 
http://www.samba.org/samba/security/CVE-2012-1182
Comment 1 Marja Van Waes 2012-04-11 16:44:35 CEST 
sorry

*** This bug has been marked as a duplicate of bug 5336 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE