Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title : samba security update
Information
Name : DSA-2450
First vendor Publication : 2012-04-12
Vendor : Debian
Last vendor Modification : 2012-04-12
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

For the stable distribution (squeeze), this problem has been fixed in version 2:3.5.6~dfsg-3squeeze7.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2:3.6.4-1.

We recommend that you upgrade your samba packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2450

CWE : Common Weakness Enumeration

Id : CWE-189
Name : Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:21396
Title: RHSA-2012:0466: samba3x security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2012:0466-02, CESA-2012:0466, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5
Product(s): samba3x

Oval ID: oval:org.mitre.oval:def:21345
Title: RHSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2012:0465-02, CESA-2012:0465, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:21042
Title: RHSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2013:0515-02, CESA-2013:0515, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): evolution-mapi, openchange

Oval ID: oval:org.mitre.oval:def:21003
Title: RHSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2013:0506-02, CESA-2013:0506, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): samba4

Oval ID: oval:org.mitre.oval:def:19714
Title: DSA-2450-1 samba - privilege escalation
Description: It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.
Family: unix Class: patch
Reference(s): DSA-2450-1, CVE-2012-1182
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): samba

Oval ID: oval:org.mitre.oval:def:19174
Title: HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1182
Version: 7
Platform(s): HP-UX 11
Product(s):

Oval ID: oval:org.mitre.oval:def:17426
Title: USN-1423-1 -- samba vulnerability
Description: Samba could be made to run programs as the administrator if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1423-1, CVE-2012-1182
Version: 7
Platform(s): Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04, Ubuntu 8.04
Product(s): samba

Oval ID: oval:org.mitre.oval:def:24092
Title: ELSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2013:0515-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 6
Product(s): evolution-mapi, openchange

Oval ID: oval:org.mitre.oval:def:23742
Title: ELSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2013:0506-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 6
Product(s): samba4

Oval ID: oval:org.mitre.oval:def:23647
Title: ELSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0465-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 5, Oracle Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:23318
Title: DEPRECATED: ELSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0465-02, CVE-2012-1182
Version: 7
Platform(s): Oracle Linux 5, Oracle Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:23143
Title: ELSA-2012:0466: samba3x security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0466-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 5
Product(s): samba3x

Oval ID: oval:org.mitre.oval:def:27814
Title: ELSA-2012-0466 -- samba3x security update (critical)
Description: [3.5.10-0.108] - Security Release, fixes CVE-2012-1182 - resolves: #804650
Family: unix Class: patch
Reference(s): ELSA-2012-0466, CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 5
Product(s): samba3x

Oval ID: oval:org.mitre.oval:def:27693
Title: ELSA-2013-0515 -- openchange security, bug fix and enhancement update (moderate)
Description: A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls. With this update, the code has been generated with an updated version of PIDL to correct this issue.
Family: unix Class: patch
Reference(s): ELSA-2013-0515, CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 6
Product(s): evolution-mapi, openchange

Oval ID: oval:org.mitre.oval:def:27521
Title: ELSA-2012-0465 -- samba security update (critical)
Description: [3.5.10-115] - Security Release, fixes CVE-2012-1182 - resolves: #804644
Family: unix Class: patch
Reference(s): ELSA-2012-0465, CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 5, Oracle Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:26936
Title: ELSA-2013-0506 -- samba4 security, bug fix and enhancement update (moderate)
Description: [4.0.0-55.rc4] - Fix dependencies of samba4-test package. - related: #896142
Family: unix Class: patch
Reference(s): ELSA-2013-0506, CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 6
Product(s): samba4

CPE : Common Platform Enumeration

Type : Application
Count : 144

OpenVAS Exploits

Date / Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0507-1 (update)
File : nvt/gb_suse_2012_0507_1.nasl
2012-08-30 Name : Fedora Update for samba FEDORA-2012-5793
File : nvt/gb_fedora_2012_5793_samba_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-22 (Samba)
File : nvt/glsa_201206_22.nasl
2012-08-03 Name : Mandriva Update for samba MDVSA-2012:055 (samba)
File : nvt/gb_mandriva_MDVSA_2012_055.nasl
2012-08-02 Name : SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)
File : nvt/gb_suse_2012_0508_1.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos5
File : nvt/gb_CESA-2012_0465_libsmbclient_centos5.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos6
File : nvt/gb_CESA-2012_0465_libsmbclient_centos6.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2012:0466 centos5
File : nvt/gb_CESA-2012_0466_samba3x_centos5.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-05-17 Name : Fedora Update for samba4 FEDORA-2012-6382
File : nvt/gb_fedora_2012_6382_samba4_fc16.nasl
2012-05-04 Name : Fedora Update for samba4 FEDORA-2012-6349
File : nvt/gb_fedora_2012_6349_samba4_fc15.nasl
2012-05-04 Name : Fedora Update for samba FEDORA-2012-6999
File : nvt/gb_fedora_2012_6999_samba_fc15.nasl
2012-05-04 Name : Fedora Update for samba FEDORA-2012-7006
File : nvt/gb_fedora_2012_7006_samba_fc16.nasl
2012-04-30 Name : FreeBSD Ports: samba34
File : nvt/freebsd_samba342.nasl
2012-04-30 Name : Debian Security Advisory DSA 2450-1 (samba)
File : nvt/deb_2450_1.nasl
2012-04-23 Name : Fedora Update for samba FEDORA-2012-5805
File : nvt/gb_fedora_2012_5805_samba_fc15.nasl
2012-04-16 Name : Fedora Update for samba FEDORA-2012-5843
File : nvt/gb_fedora_2012_5843_samba_fc16.nasl
2012-04-13 Name : Ubuntu Update for samba USN-1423-1
File : nvt/gb_ubuntu_USN_1423_1.nasl
2012-04-11 Name : RedHat Update for samba RHSA-2012:0465-01
File : nvt/gb_RHSA-2012_0465-01_samba.nasl
2012-04-11 Name : RedHat Update for samba3x RHSA-2012:0466-01
File : nvt/gb_RHSA-2012_0466-01_samba3x.nasl

Snort® IPS/IDS

Date / Description
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 23240 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22012 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22011 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22010 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22009 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22008 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22007 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22006 - Revision : 5 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22005 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22004 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 21806 - Revision : 6 - Type : SERVER-SAMBA

Metasploit Database

Id / Description
2012-04-10 Samba SetInformationPolicy AuditEventsInfo Heap Overflow

Nessus® Vulnerability Scanner

Date / Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-223.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-224.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0466.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0478.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_openchange_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120410_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120410_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-22.nasl - Type : ACT_GATHER_INFO
2012-05-16 Name : The remote Fedora host is missing a security update.
File : fedora_2012-6382.nasl - Type : ACT_GATHER_INFO
2012-05-10 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO
2012-05-04 Name : The remote Fedora host is missing a security update.
File : fedora_2012-6349.nasl - Type : ACT_GATHER_INFO
2012-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5805.nasl - Type : ACT_GATHER_INFO
2012-04-19 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5793.nasl - Type : ACT_GATHER_INFO
2012-04-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ldapsmb-120415.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5843.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-8058.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-120411.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1423-1.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2450.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-055.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0466.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote Samba server is affected by multiple buffer overflow vulnerabilities.
File : samba_rpc_multiple_buffer_overflows.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_baf37cd2835111e1894e00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0466.nasl - Type : ACT_GATHER_INFO

Alert History

Date / Information
2014-02-17 11:31:00
  • Multiple Updates