Samba <3.6.4 (CVE-2012-1182) remote execution of arbitrary code with root privileges

    Samba version 3.6.3 and all previous versions were exposed to remote execution of arbitrary code with root privileges. The attack can be performed by an anonymous, unauthenticated user; access to the Samba network port is sufficient.

    All Samba versions from 3.0.x through 3.6.3 inclusive are affected. All Samba users are encouraged to upgrade urgently to the corrective releases. Patches have also been prepared for Samba branches that are no longer supported.


    The vulnerability was identified by members of the Zero Day Initiative program, and the problem was initially reported on March 15th. It is likely that there is a 0-day exploit in the wild.

    The problem is caused by an error in the code generator for the RPC (Remote Procedure Call) mechanism, which produces unsafe code for handling RPC calls received over the network. Because of the error, the variable that carries the array length and the variable that carries the amount of memory requested for that array are each checked independently of the other. Both values are set on the client side and are completely controlled by it. This makes it possible to transmit an array that is larger than the buffer allocated for it can hold, so that the “tail” of the array overwrites other data structures.
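
    The check pattern described above, as an added C illustration that is not Samba's generated code. The wire layout, the `MAX_COUNT` limit and all function names are assumptions made for this example; the first function models only the two independent checks, the second adds the comparison that links them.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed wire layout (an assumption, not Samba's NDR format):
 * [u32 alloc_count][u32 elem_count][elem_count x u32], little-endian. */
#define MAX_COUNT 1024u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed pattern from the text: each client-supplied field is validated on
 * its own, so elem_count > alloc_count is accepted. Returns 1 if accepted.
 * Only the checks are modeled; no copy is performed here. */
int accepts_independent(const uint8_t *msg, size_t len) {
    if (len < 8) return 0;
    uint32_t alloc_count = rd32(msg), elem_count = rd32(msg + 4);
    if (alloc_count > MAX_COUNT) return 0;      /* check 1: requested memory */
    if (elem_count > (len - 8) / 4) return 0;   /* check 2: elements on the wire */
    return 1;                                   /* the two are never compared */
}

/* Hardened pull: the same checks plus the missing relation between them.
 * Returns the array (caller frees) and sets *out_count, or NULL on rejection. */
uint32_t *pull_array_checked(const uint8_t *msg, size_t len, uint32_t *out_count) {
    if (len < 8) return NULL;
    uint32_t alloc_count = rd32(msg), elem_count = rd32(msg + 4);
    if (alloc_count == 0 || alloc_count > MAX_COUNT) return NULL;
    if (elem_count > (len - 8) / 4) return NULL;
    if (elem_count > alloc_count) return NULL;  /* length must fit the allocation */
    uint32_t *arr = calloc(alloc_count, sizeof *arr);
    if (!arr) return NULL;
    for (uint32_t i = 0; i < elem_count; i++)
        arr[i] = rd32(msg + 8 + 4 * (size_t)i);
    *out_count = elem_count;
    return arr;
}

/* Constructed sample messages: MSG_BAD requests room for 1 element, sends 3. */
static const uint8_t MSG_OK[]  = {2,0,0,0, 2,0,0,0, 7,0,0,0, 9,0,0,0};
static const uint8_t MSG_BAD[] = {1,0,0,0, 3,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0};

int main(void) {
    uint32_t n = 0;
    uint32_t *a = pull_array_checked(MSG_OK, sizeof MSG_OK, &n);
    int ok = a != NULL && n == 2;
    free(a);
    ok = ok && pull_array_checked(MSG_BAD, sizeof MSG_BAD, &n) == NULL;
    return ok ? 0 : 1;
}
```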

    https://www.samba.org/samba/security/CVE-2012-1182
