CVSS2 score: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
samba4 is vulnerable to remote code execution (RCE). The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not validate an array length in a manner consistent with its validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
lists.apple.com/archives/security-announce/2012/May/msg00001.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html
lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html
lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
marc.info/?l=bugtraq&m=133951282306605&w=2
marc.info/?l=bugtraq&m=134323086902585&w=2
secunia.com/advisories/48751
secunia.com/advisories/48754
secunia.com/advisories/48816
secunia.com/advisories/48818
secunia.com/advisories/48844
secunia.com/advisories/48873
secunia.com/advisories/48879
secunia.com/advisories/48999
support.apple.com/kb/HT5281
www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
www.debian.org/security/2012/dsa-2450
www.mandriva.com/security/advisories?name=MDVSA-2012:055
www.samba.org/samba/history/samba-3.6.4.html
www.securitytracker.com/id?1026913
www.ubuntu.com/usn/USN-1423-1
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Release_Notes/index.html
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=766333
bugzilla.redhat.com/show_bug.cgi?id=861892
bugzilla.redhat.com/show_bug.cgi?id=864889
bugzilla.redhat.com/show_bug.cgi?id=867317
bugzilla.redhat.com/show_bug.cgi?id=867854
bugzilla.redhat.com/show_bug.cgi?id=868248
bugzilla.redhat.com/show_bug.cgi?id=868419
bugzilla.redhat.com/show_bug.cgi?id=877085
bugzilla.redhat.com/show_bug.cgi?id=878564
bugzilla.redhat.com/show_bug.cgi?id=882188
bugzilla.redhat.com/show_bug.cgi?id=885089
bugzilla.redhat.com/show_bug.cgi?id=886157
bugzilla.redhat.com/show_bug.cgi?id=895718
rhn.redhat.com/errata/RHSA-2013-0506.html
www.samba.org/samba/security/CVE-2012-1182