Executive Summary



This alert is flagged as a Top 25 Common Weakness Enumeration entry from CWE/SANS.
Summary
Title: HP Server Automation, Remote Execution of Arbitrary Code
Information
Name: HPSBMU02790 SSRT100872
First vendor Publication: 2012-06-11
Vendor: HP
Last vendor Modification: 2012-06-11
Severity (Vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

A potential security vulnerability has been identified with HP Server Automation for Linux and SunOS. This vulnerability could be exploited remotely, resulting in the execution of arbitrary code. The vulnerability is in Samba, which is used in HP Server Automation.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03366886

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:17426
Title: USN-1423-1 -- samba vulnerability
Description: Samba could be made to run programs as the administrator if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-1423-1, CVE-2012-1182
Version: 7
Platform(s): Ubuntu 11.10, Ubuntu 11.04, Ubuntu 10.04, Ubuntu 8.04
Product(s): samba

Oval ID: oval:org.mitre.oval:def:19174
Title: HP-UX CIFS Server (Samba), Remote Execution of Arbitrary Code, Elevation of Privileges
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: vulnerability
Reference(s): CVE-2012-1182
Version: 12
Platform(s): HP-UX 11
Product(s):
Oval ID: oval:org.mitre.oval:def:19714
Title: DSA-2450-1 samba - privilege escalation
Description: It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.
Family: unix Class: patch
Reference(s): DSA-2450-1, CVE-2012-1182
Version: 5
Platform(s): Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0
Product(s): samba

Oval ID: oval:org.mitre.oval:def:21003
Title: RHSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2013:0506-02, CESA-2013:0506, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): samba4

Oval ID: oval:org.mitre.oval:def:21042
Title: RHSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2013:0515-02, CESA-2013:0515, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 6, CentOS Linux 6
Product(s): evolution-mapi, openchange

Oval ID: oval:org.mitre.oval:def:21345
Title: RHSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2012:0465-02, CESA-2012:0465, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:21396
Title: RHSA-2012:0466: samba3x security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): RHSA-2012:0466-02, CESA-2012:0466, CVE-2012-1182
Version: 4
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5
Product(s): samba3x

Oval ID: oval:org.mitre.oval:def:23143
Title: ELSA-2012:0466: samba3x security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0466-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 5
Product(s): samba3x

Oval ID: oval:org.mitre.oval:def:23318
Title: DEPRECATED: ELSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0465-02, CVE-2012-1182
Version: 7
Platform(s): Oracle Linux 5, Oracle Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:23647
Title: ELSA-2012:0465: samba security update (Critical)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2012:0465-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 5, Oracle Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:23742
Title: ELSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2013:0506-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 6
Product(s): samba4

Oval ID: oval:org.mitre.oval:def:24092
Title: ELSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)
Description: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Family: unix Class: patch
Reference(s): ELSA-2013:0515-02, CVE-2012-1182
Version: 6
Platform(s): Oracle Linux 6
Product(s): evolution-mapi, openchange

Oval ID: oval:org.mitre.oval:def:26936
Title: DEPRECATED: ELSA-2013-0506 -- samba4 security, bug fix and enhancement update (moderate)
Description: [4.0.0-55.rc4] - Fix dependencies of samba4-test package. - related: #896142
Family: unix Class: patch
Reference(s): ELSA-2013-0506, CVE-2012-1182
Version: 4
Platform(s): Oracle Linux 6
Product(s): samba4

Oval ID: oval:org.mitre.oval:def:27521
Title: DEPRECATED: ELSA-2012-0465 -- samba security update (critical)
Description: [3.5.10-115] - Security Release, fixes CVE-2012-1182 - resolves: #804644
Family: unix Class: patch
Reference(s): ELSA-2012-0465, CVE-2012-1182
Version: 4
Platform(s): Oracle Linux 5, Oracle Linux 6
Product(s): samba

Oval ID: oval:org.mitre.oval:def:27693
Title: DEPRECATED: ELSA-2013-0515 -- openchange security, bug fix and enhancement update (moderate)
Description: A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls. With this update, the code has been generated with an updated version of PIDL to correct this issue.
Family: unix Class: patch
Reference(s): ELSA-2013-0515, CVE-2012-1182
Version: 4
Platform(s): Oracle Linux 6
Product(s): evolution-mapi, openchange

Oval ID: oval:org.mitre.oval:def:27814
Title: DEPRECATED: ELSA-2012-0466 -- samba3x security update (critical)
Description: [3.5.10-0.108] - Security Release, fixes CVE-2012-1182 - resolves: #804650
Family: unix Class: patch
Reference(s): ELSA-2012-0466, CVE-2012-1182
Version: 4
Platform(s): Oracle Linux 5
Product(s): samba3x

CPE : Common Platform Enumeration

Type Description Count
Application 207

OpenVAS Exploits

Date Description
2012-12-13 Name : SuSE Update for update openSUSE-SU-2012:0507-1 (update)
File : nvt/gb_suse_2012_0507_1.nasl
2012-08-30 Name : Fedora Update for samba FEDORA-2012-5793
File : nvt/gb_fedora_2012_5793_samba_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-22 (Samba)
File : nvt/glsa_201206_22.nasl
2012-08-03 Name : Mandriva Update for samba MDVSA-2012:055 (samba)
File : nvt/gb_mandriva_MDVSA_2012_055.nasl
2012-08-02 Name : SuSE Update for samba openSUSE-SU-2012:0508-1 (samba)
File : nvt/gb_suse_2012_0508_1.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos5
File : nvt/gb_CESA-2012_0465_libsmbclient_centos5.nasl
2012-07-30 Name : CentOS Update for libsmbclient CESA-2012:0465 centos6
File : nvt/gb_CESA-2012_0465_libsmbclient_centos6.nasl
2012-07-30 Name : CentOS Update for samba3x CESA-2012:0466 centos5
File : nvt/gb_CESA-2012_0466_samba3x_centos5.nasl
2012-05-18 Name : Mac OS X Multiple Vulnerabilities (2012-002)
File : nvt/gb_macosx_su12-002.nasl
2012-05-17 Name : Fedora Update for samba4 FEDORA-2012-6382
File : nvt/gb_fedora_2012_6382_samba4_fc16.nasl
2012-05-04 Name : Fedora Update for samba4 FEDORA-2012-6349
File : nvt/gb_fedora_2012_6349_samba4_fc15.nasl
2012-05-04 Name : Fedora Update for samba FEDORA-2012-7006
File : nvt/gb_fedora_2012_7006_samba_fc16.nasl
2012-05-04 Name : Fedora Update for samba FEDORA-2012-6999
File : nvt/gb_fedora_2012_6999_samba_fc15.nasl
2012-04-30 Name : Debian Security Advisory DSA 2450-1 (samba)
File : nvt/deb_2450_1.nasl
2012-04-30 Name : FreeBSD Ports: samba34
File : nvt/freebsd_samba342.nasl
2012-04-23 Name : Fedora Update for samba FEDORA-2012-5805
File : nvt/gb_fedora_2012_5805_samba_fc15.nasl
2012-04-16 Name : Fedora Update for samba FEDORA-2012-5843
File : nvt/gb_fedora_2012_5843_samba_fc16.nasl
2012-04-13 Name : Ubuntu Update for samba USN-1423-1
File : nvt/gb_ubuntu_USN_1423_1.nasl
2012-04-11 Name : RedHat Update for samba3x RHSA-2012:0466-01
File : nvt/gb_RHSA-2012_0466-01_samba3x.nasl
2012-04-11 Name : RedHat Update for samba RHSA-2012:0465-01
File : nvt/gb_RHSA-2012_0465-01_samba.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 23240 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22012 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22011 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22010 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22009 - Revision : 9 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22008 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22007 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22006 - Revision : 7 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22005 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 22004 - Revision : 6 - Type : SERVER-SAMBA
2014-01-10 Samba malicious user defined array size and buffer attempt
RuleID : 21806 - Revision : 8 - Type : SERVER-SAMBA

Nessus® Vulnerability Scanner

Date Description
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_samba_20121016.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-224.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-223.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0478.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0466.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2013-03-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_samba4_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-03-05 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130221_openchange_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0515.nasl - Type : ACT_GATHER_INFO
2013-02-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0506.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120410_samba_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120410_samba3x_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-06-25 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-22.nasl - Type : ACT_GATHER_INFO
2012-05-16 Name : The remote Fedora host is missing a security update.
File : fedora_2012-6382.nasl - Type : ACT_GATHER_INFO
2012-05-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-002.nasl - Type : ACT_GATHER_INFO
2012-05-04 Name : The remote Fedora host is missing a security update.
File : fedora_2012-6349.nasl - Type : ACT_GATHER_INFO
2012-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5805.nasl - Type : ACT_GATHER_INFO
2012-04-19 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5793.nasl - Type : ACT_GATHER_INFO
2012-04-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_ldapsmb-120415.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote Fedora host is missing a security update.
File : fedora_2012-5843.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_cifs-mount-120411.nasl - Type : ACT_GATHER_INFO
2012-04-16 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_cifs-mount-8058.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2450.nasl - Type : ACT_GATHER_INFO
2012-04-13 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1423-1.nasl - Type : ACT_GATHER_INFO
2012-04-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-055.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0466.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_baf37cd2835111e1894e00215c6a37bb.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote Samba server is affected by multiple buffer overflow vulnerabilities.
File : samba_rpc_multiple_buffer_overflows.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0465.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0466.nasl - Type : ACT_GATHER_INFO
2012-04-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0465.nasl - Type : ACT_GATHER_INFO