
CVE-2012-1182

Status Candidate

Overview

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Related Files

Red Hat Security Advisory 2013-0515-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0515-02 - The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls. With this update, the code has been generated with an updated version of PIDL to correct this issue. The openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes.

tags | advisory, overflow, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | 5c9dd4885b245ecf8ed98fec1242a39231d294c129bcbb7e1f55c61f932d8dc5
Red Hat Security Advisory 2013-0506-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0506-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler not sufficiently protecting against buffer overflows. The samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version. In particular, improved interoperability with Active Directory domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate issued by an AD Key Distribution Center.

tags | advisory, overflow, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | b4f586366b5141c1d1a1fbcbba40b5840262fafcced1a44a41f7ab8f27a62fcb
Samba SetInformationPolicy AuditEventsInfo Heap Overflow
Posted Sep 28, 2012
Authored by unknown, Blasty, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module triggers a vulnerability in the LSA RPC service of the Samba daemon caused by an error in the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation makes it possible to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand, the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.

tags | exploit, overflow, arbitrary, root
advisories | CVE-2012-1182, OSVDB-81303
SHA-256 | 9949872fc1ebdc3a22c30908a1250ac0f492dd32e5fa7cdf09b5146958389629
HP Security Bulletin HPSBUX02789 SSRT100824 3
Posted Jul 25, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02789 SSRT100824 3 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or elevate privileges. Revision 3 of this advisory.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2012-1182, CVE-2012-2111
SHA-256 | ede63ffb5a2f14c0429fc9a03eebbb53fb85c803709c1fe088d7af87e5a33b45
Gentoo Linux Security Advisory 201206-22
Posted Jun 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-22 - Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges. Versions less than 3.5.15 are affected.

tags | advisory, arbitrary, root, vulnerability
systems | linux, gentoo
advisories | CVE-2009-2906, CVE-2009-2948, CVE-2010-0728, CVE-2010-1635, CVE-2010-1642, CVE-2010-2063, CVE-2010-3069, CVE-2011-0719, CVE-2011-1678, CVE-2011-2724, CVE-2012-0870, CVE-2012-1182, CVE-2012-2111
SHA-256 | 3a8fd8a24a3985683e4babf848739763a038475b7f8effd578be0119268b2f7f
HP Security Bulletin HPSBUX02789 SSRT100824
Posted Jun 19, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02789 SSRT100824 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or elevate privileges. Revision 1 of this advisory.

tags | advisory, arbitrary, vulnerability
systems | hpux
advisories | CVE-2012-1182, CVE-2012-2111
SHA-256 | 18a75793c99460c649e856173de1d4e2b746ae5d8223c6908af7703f3b5ab684
HP Security Bulletin HPSBMU02790 SSRT100872
Posted Jun 12, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02790 SSRT100872 - A potential security vulnerability has been identified with HP Server Automation for Linux and SunOS. This vulnerability could be exploited remotely resulting in the execution of arbitrary code. The vulnerability is in Samba which is used in HP Server Automation. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | linux, solaris
advisories | CVE-2012-1182
SHA-256 | af0e7a4c6db8639f20483e55e8c75872cc1c7d21031f9c997e53b454ff867b65
Ubuntu Security Notice USN-1423-1
Posted Apr 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.

tags | advisory, remote, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2012-1182
SHA-256 | 704df03b3052c8f11de9921496d8a6951e3b0ae29b75bbbae2c06a4435a51f7a
Red Hat Security Advisory 2012-0478-01
Posted Apr 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

tags | advisory, remote, overflow, arbitrary, root, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | 18abb32cf9211542fd5a4c9fa789e88cd4d5530dd19accafd5056d840cd3a798
Debian Security Advisory 2450-1
Posted Apr 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.

tags | advisory, remote, code execution
systems | linux, debian
advisories | CVE-2012-1182
SHA-256 | e046a9837a078cecc89818dd89c20058b986e8358ee2ed27ad3347a2b66377bc
Mandriva Linux Security Advisory 2012-055
Posted Apr 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-055 - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1182
SHA-256 | 676cd5caa1a00ec6655d780e2a43329e69c8af366edce0bac72c298a8f52bb1d
Red Hat Security Advisory 2012-0466-01
Posted Apr 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0466-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

tags | advisory, remote, overflow, arbitrary, root, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | ac3d0a5cf4ad166161f6d299cf8b70631e442e80e31a75c43f97926eb4e060f3
Red Hat Security Advisory 2012-0465-01
Posted Apr 11, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0465-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.

tags | advisory, remote, overflow, arbitrary, root, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | 5a04569b6919bd0a20fe7431a7493f6484a21e57dfa7115a5e0ef655365f0b8d

© 2022 Packet Storm. All rights reserved.
