FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

samba -- "root" credential remote code execution

Affected packages
3.4.* < samba34 < 3.4.16
3.5.* < samba35 < 3.5.14
3.6.* < samba36 < 3.6.4


VuXML ID baf37cd2-8351-11e1-894e-00215c6a37bb
Discovery 2012-04-10
Entry 2012-04-10

Samba development team reports:

Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection.

As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately.


CVE Name CVE-2012-1182