Executive Summary

Summary
Title : samba security update
Information
Name : DSA-2450
First vendor Publication : 2012-04-12
Vendor : Debian
Last vendor Modification : 2012-04-12
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score : 10
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

For the stable distribution (squeeze), this problem has been fixed in version 2:3.5.6~dfsg-3squeeze7.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 2:3.6.4-1.

We recommend that you upgrade your samba packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2450

CWE : Common Weakness Enumeration

id | Name
CWE-189 | Numeric Errors

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:21396
Title: RHSA-2012:0466: samba3x security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2012:0466-02
CESA-2012:0466
CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): samba3x
 
Oval ID: oval:org.mitre.oval:def:21345
Title: RHSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2012:0465-02
CESA-2012:0465
CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): samba
 
Oval ID: oval:org.mitre.oval:def:21042
Title: RHSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2013:0515-02
CESA-2013:0515
CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): evolution-mapi
openchange
 
Oval ID: oval:org.mitre.oval:def:21003
Title: RHSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2013:0506-02
CESA-2013:0506
CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): samba4
 
Oval ID: oval:org.mitre.oval:def:19174
Title: HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1182
Version: 7
Platform(s): HP-UX 11
Product(s):
 
Oval ID: oval:org.mitre.oval:def:24092
Title: ELSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2013:0515-02
CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 6
Product(s):
 
Oval ID: oval:org.mitre.oval:def:23742
Title: ELSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2013:0506-02
CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 6
Product(s):
 
Oval ID: oval:org.mitre.oval:def:23647
Title: ELSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0465-02
CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
 
Oval ID: oval:org.mitre.oval:def:23318
Title: ELSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0465-02
CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s):
 
Oval ID: oval:org.mitre.oval:def:23143
Title: ELSA-2012:0466: samba3x security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0466-02
CVE-2012-1182
Version: 3
Platform(s): Oracle Linux 5
Product(s):

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 144

OpenVAS Exploits

Date | Description
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0507-1 (update)
File : nvt/gb_suse_2012_0507_1.nasl
2012-08-30 | Name : Fedora Update for samba FEDORA-2012-5793
File : nvt/gb_fedora_2012_5793_samba_fc17.nasl
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-22 (Samba)
File : nvt/glsa_201206_22.nasl
2012-08-03 | Name : Mandriva Update for samba MDVSA-2012:055 (samba)
File : nvt/gb_mandriva_MDVSA_2012_055.nasl
2012-08-02 | Name : SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)
File : nvt/gb_suse_2012_0508_1.nasl
2012-07-30 | Name : CentOS Update for libsmbclient CESA-2012:0465 centos5
File : nvt/gb_CESA-2012_0465_libsmbclient_centos5.nasl
2012-07-30 | Name : CentOS Update for libsmbclient CESA-2012:0465 centos6
File : nvt/gb_CESA-2012_0465_libsmbclient_centos6.nasl
2012-07-30 | Name : CentOS Update for samba3x CESA-2012:0466 centos5
File : nvt/gb_CESA-2012_0466_samba3x_centos5.nasl
2012-05-18 | Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-05-17 | Name : Fedora Update for samba4 FEDORA-2012-6382
File : nvt/gb_fedora_2012_6382_samba4_fc16.nasl
2012-05-04 | Name : Fedora Update for samba4 FEDORA-2012-6349
File : nvt/gb_fedora_2012_6349_samba4_fc15.nasl
2012-05-04 | Name : Fedora Update for samba FEDORA-2012-6999
File : nvt/gb_fedora_2012_6999_samba_fc15.nasl
2012-05-04 | Name : Fedora Update for samba FEDORA-2012-7006
File : nvt/gb_fedora_2012_7006_samba_fc16.nasl
2012-04-30 | Name : FreeBSD Ports: samba34
File : nvt/freebsd_samba342.nasl
2012-04-30 | Name : Debian Security Advisory DSA 2450-1 (samba)
File : nvt/deb_2450_1.nasl
2012-04-23 | Name : Fedora Update for samba FEDORA-2012-5805
File : nvt/gb_fedora_2012_5805_samba_fc15.nasl
2012-04-16 | Name : Fedora Update for samba FEDORA-2012-5843
File : nvt/gb_fedora_2012_5843_samba_fc16.nasl
2012-04-13 | Name : Ubuntu Update for samba USN-1423-1
File : nvt/gb_ubuntu_USN_1423_1.nasl
2012-04-11 | Name : RedHat Update for samba RHSA-2012:0465-01
File : nvt/gb_RHSA-2012_0465-01_samba.nasl
2012-04-11 | Name : RedHat Update for samba3x RHSA-2012:0466-01
File : nvt/gb_RHSA-2012_0466-01_samba3x.nasl

Snort® IPS/IDS

Date | Description
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 23240 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22012 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22011 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22010 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22009 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22008 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22007 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22006 - Revision : 5 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22005 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 22004 - Revision : 4 - Type : SERVER-SAMBA
2014-01-10 | Samba malicious user defined array size and buffer attempt
RuleID : 21806 - Revision : 6 - Type : SERVER-SAMBA

Metasploit Database

id | Description
2012-04-10 Samba SetInformationPolicy AuditEventsInfo Heap Overflow

Nessus® Vulnerability Scanner

Date | Description
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0466.nasl - Type : ACT_GATHER_INFO
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0478.nasl - Type : ACT_GATHER_INFO
2013-03-10 | Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-03-10 | Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_openchange_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-05 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-02-21 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120410_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120410_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-22.nasl - Type : ACT_GATHER_INFO
2012-05-16 | Name : The remote Fedora host is missing a security update.
File : fedora_2012-6382.nasl - Type : ACT_GATHER_INFO
2012-05-10 | Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO
2012-05-04 | Name : The remote Fedora host is missing a security update.
File : fedora_2012-6349.nasl - Type : ACT_GATHER_INFO
2012-04-23 | Name : The remote Fedora host is missing a security update.
File : fedora_2012-5805.nasl - Type : ACT_GATHER_INFO
2012-04-19 | Name : The remote Fedora host is missing a security update.
File : fedora_2012-5793.nasl - Type : ACT_GATHER_INFO
2012-04-17 | Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ldapsmb-120415.nasl - Type : ACT_GATHER_INFO
2012-04-16 | Name : The remote Fedora host is missing a security update.
File : fedora_2012-5843.nasl - Type : ACT_GATHER_INFO
2012-04-16 | Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-8058.nasl - Type : ACT_GATHER_INFO
2012-04-16 | Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-120411.nasl - Type : ACT_GATHER_INFO
2012-04-13 | Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1423-1.nasl - Type : ACT_GATHER_INFO
2012-04-13 | Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2450.nasl - Type : ACT_GATHER_INFO
2012-04-12 | Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-055.nasl - Type : ACT_GATHER_INFO
2012-04-11 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2012-04-11 | Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0466.nasl - Type : ACT_GATHER_INFO
2012-04-11 | Name : The remote Samba server is affected by multiple buffer overflow vulnerabilities.
File : samba_rpc_multiple_buffer_overflows.nasl - Type : ACT_GATHER_INFO
2012-04-11 | Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_baf37cd2835111e1894e00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2012-04-11 | Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2012-04-11 | Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0466.nasl - Type : ACT_GATHER_INFO

Alert History

Date | Information
2014-02-17 11:31:00 | Multiple Updates