ID:3680 - Exploit for Input validation error in Samba - CVE-2012-1182

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:3680 - Exploit for Input validation error in Samba - CVE-2012-1182

ID:3680 - Exploit for Input validation error in Samba - CVE-2012-1182

Published: August 4, 2020


Vulnerability identifier: #VU33952
Vulnerability risk: High
CVE-ID: CVE-2012-1182
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Samba

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.


Remediation

Install update from vendor's website.