Information Security News mailing list archives

Samba security patch fixes critical remote code execution hole


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 12 Apr 2012 01:50:31 -0500 (CDT)

https://www.networkworld.com/news/2012/041112-samba-security-patch-fixes-critical-258173.html

By Lucian Constantin
IDG News Service
April 11, 2012

The developers of Samba, the open source software that enables file and print sharing between Linux, Windows and Mac OS X computers, released security patches on Tuesday to address a critical vulnerability that can be exploited by remote attackers to execute arbitrary code on systems where the Samba service is running.

The vulnerability is identified as CVE-2012-1182 and is located in Samba's code that handles the processing of remote procedure call (RPC) requests, particularly their translation into a Network Data Representation (NDR) format.

A client can send a specially crafted RPC call to a Samba server in order to exploit the vulnerability and execute unauthorized code with administrative privileges (root) on the system.

"As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately," the Samba development team said in a security advisory.

[...]

