Lucene search

Veracode Vulnerability DatabaseVERACODE:11117

HistoryJan 15, 2019 - 8:57 a.m.

Remote Code Execution (RCE)

2019-01-1508:57:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

samba4 is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as the RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

CPENameOperatorVersion
samba4eq4.0.0__23.alpha11.el6
openchangeeq0.9__7.el6
evolution-mapieq0.28.3__6.el6
evolution-mapieq0.28.3__7.el6
sambaeq3.0.23c__2.el5.2.0.2
sambaeq3.5.4__68.el6_0.1
sambaeq3.0.33__3.14.el5
sambaeq3.5.4__68.el6
sambaeq3.5.10__114.el6
sambaeq3.0.33__3.28.el5

Name	Operator	Version
samba4	eq	4.0.0__23.alpha11.el6
openchange	eq	0.9__7.el6
evolution-mapi	eq	0.28.3__6.el6
evolution-mapi	eq	0.28.3__7.el6
samba	eq	3.0.23c__2.el5.2.0.2
samba	eq	3.5.4__68.el6_0.1
samba	eq	3.0.33__3.14.el5
samba	eq	3.5.4__68.el6
samba	eq	3.5.10__114.el6
samba	eq	3.0.33__3.28.el5

Rows per page:

1-10 of 541

References

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html

marc.info/?l=bugtraq&m=133951282306605&w=2

marc.info/?l=bugtraq&m=134323086902585&w=2

secunia.com/advisories/48751

secunia.com/advisories/48754

secunia.com/advisories/48816

secunia.com/advisories/48818

secunia.com/advisories/48844

secunia.com/advisories/48873

secunia.com/advisories/48879

secunia.com/advisories/48999

support.apple.com/kb/HT5281

www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578

www.debian.org/security/2012/dsa-2450

www.mandriva.com/security/advisories?name=MDVSA-2012:055

www.samba.org/samba/history/samba-3.6.4.html

www.securitytracker.com/id?1026913

www.ubuntu.com/usn/USN-1423-1

access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Release_Notes/index.html

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=766333

bugzilla.redhat.com/show_bug.cgi?id=861892

bugzilla.redhat.com/show_bug.cgi?id=864889

bugzilla.redhat.com/show_bug.cgi?id=867317

bugzilla.redhat.com/show_bug.cgi?id=867854

bugzilla.redhat.com/show_bug.cgi?id=868248

bugzilla.redhat.com/show_bug.cgi?id=868419

bugzilla.redhat.com/show_bug.cgi?id=877085

bugzilla.redhat.com/show_bug.cgi?id=878564

bugzilla.redhat.com/show_bug.cgi?id=882188

bugzilla.redhat.com/show_bug.cgi?id=885089

bugzilla.redhat.com/show_bug.cgi?id=886157

bugzilla.redhat.com/show_bug.cgi?id=895718

rhn.redhat.com/errata/RHSA-2013-0506.html

www.samba.org/samba/security/CVE-2012-1182

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:11117