#VU33952 Input validation error in Samba


Published: 2020-08-04

Vulnerability identifier: #VU33952

Vulnerability risk: High

CVSSv3.1: 9.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2012-1182

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Samba
Server applications / Directory software, identity management

Vendor: Samba

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samba: 3.0 - 3.0.37, 3.1 - 3.1.0, 3.2 - 3.2.15, 3.3 - 3.3.16, 3.4 - 3.4.15

External links
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
http://marc.info/?l=bugtraq&m=133951282306605&w=2
http://marc.info/?l=bugtraq&m=134323086902585&w=2
http://secunia.com/advisories/48751
http://secunia.com/advisories/48754
http://secunia.com/advisories/48816
http://secunia.com/advisories/48818
http://secunia.com/advisories/48844
http://secunia.com/advisories/48873
http://secunia.com/advisories/48879
http://secunia.com/advisories/48999
http://support.apple.com/kb/HT5281
http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
http://www.debian.org/security/2012/dsa-2450
http://www.mandriva.com/security/advisories?name=MDVSA-2012:055
http://www.samba.org/samba/history/samba-3.6.4.html
http://www.securitytracker.com/id?1026913
http://www.ubuntu.com/usn/USN-1423-1
http://www.samba.org/samba/security/CVE-2012-1182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in HP-UX CIFS Server (Samba)
Input validation error in HP Server Automation
SUSE Linux update for Samba
SUSE Linux update for Samba
SUSE Linux update for Samba
Input validation error in samba (Alpine package)
Input validation error in Samba