Information Security News mailing list archives
Samba security patch fixes critical remote code execution hole
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 12 Apr 2012 01:50:31 -0500 (CDT)
https://www.networkworld.com/news/2012/041112-samba-security-patch-fixes-critical-258173.html
By Lucian Constantin
IDG News Service
April 11, 2012
The developers of Samba, the open source software that enables file and print sharing between Linux, Windows and Mac OS X computers, released security patches on Tuesday to address a critical vulnerability that can be exploited by remote attackers to execute arbitrary code on systems where the Samba service is running.
The vulnerability is identified as CVE-2012-1182 and is located in Samba's code that handles the processing of remote procedure call (RPC) requests, particularly their translation into a Network Data Representation (NDR) format.
A client can send a specially crafted RPC call to a Samba server in order to exploit the vulnerability and execute unauthorized code with administrative privileges (root) on the system.
"As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately," the Samba development team said in a security advisory.
[...]