7.9 High
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
samba is vulnerable to arbitrary code execution. The vulnerability exist as an input validation flaw was found in the way Samba handled Any Batched (AndX) requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server (root).
btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565
lists.apple.com/archives/security-announce/2012/May/msg00001.html
lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html
lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
secunia.com/advisories/48116
secunia.com/advisories/48186
secunia.com/advisories/48844
secunia.com/advisories/48879
support.apple.com/kb/HT5281
www.samba.org/samba/security/CVE-2012-0870
www.ubuntu.com/usn/USN-1374-1
access.redhat.com/errata/RHSA-2012:0332
access.redhat.com/security/cve/CVE-2012-0870
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=795509
exchange.xforce.ibmcloud.com/vulnerabilities/73361