FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1182

This CVE name corresponds to:

Entered Topic
2012-04-10 samba -- "root" credential remote code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2012-1182
Phase Assigned (20120214)

Description

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

References

Source Reference
CONFIRM https://www.samba.org/samba/security/CVE-2012-1182
CONFIRM http://support.apple.com/kb/HT5281
CONFIRM http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
APPLE APPLE-SA-2012-05-09-1
FEDORA FEDORA-2012-6382
HP HPSBUX02789
HP SSRT100824
UBUNTU USN-1423-1
SECUNIA 48999
SECUNIA 48844
SECUNIA 48879
SECUNIA 48751
SECUNIA 48754
SECUNIA 48816
SECUNIA 48818
SECUNIA 48873